STP Limited is a company that designs and manufactures cabinets and is based out of Wollongong. The head office of the company is also located in Wollongong and the company is growing at a rapid pace with expansion of its services and operations in different regions. The company has started its business operations in Bathurst and Lithgow owing to increased sales and revenues and has also set up another office in Sydney. There are a total of four operating locations currently with warehousing and equipment installed in all of these four locations. It is essential to have a string and integrated network connectivity to provide the customers with services of good quality and reliability.
STP Limited is working on the enhancement of its network connections and integrations to allow the offices at four locations to function as a single unit. These four office set ups have an Internet connection installed along with the presence of a switch, modem and ADSL connectivity. Wireless connectivity along with the permission to the employees to get their devices at work is also allowed.
Further developments in the area of communication and networking will bring in several advantages for STP Limited. An effective communication and networking channel will enhance the information sharing and problem resolution capabilities among the employees. The transparency and communication with the customers will also improve leading to better customer engagement. The customers may require assistance in terms of operational, technical or functional aspect which would be easily provided by the assistance team with string network connectivity (Cisco, 2008).
Scope of the Project
The project scope includes the activities and items that would assist in the development and improvement of network integration, network management and network security.
The project activities that will be covered by the project team members during the project life cycle will include the setting up of network architecture and its design, development along with the implementation and integration tasks. The networking tools and mechanisms for ensuring network security and privacy will also be covered.
Set of Goals
- Integration of all the four offices of STP Limited as a single unit with same networking capabilities and connectivity distributed to all.
- Setting up the network security tools to make sure that the network privacy and security is never compromised (Pareek, 2011).
- Ability to achieve better results in terms of the revenues that are earned and the customer base associated with the company.
Description and Details
· The project strategies and mechanisms adhere to the goal of STP Limited to achieve and earn better revenues and customer engagement levels.
· The project activities of network design and development along with implementation and integration will assist in achieving the goals.
· Network security and privacy tools will be used for maintaining a secure environment.
· The choice of the communication and networking channels are compatible with other technical systems and applications that are being used.
· There are no issues in terms of the connectivity and integration of the networks.
· A competitive edge will be achieved as network security is a trending topic.
· The service quality will see improvements as the enhanced network integration and management will lead to increased satisfaction levels for the customers.
· Project management has laid out the strategies that will assist in the achievement of the organizational goals.
· The allocation of roles and responsibilities has been done to achieve the same.
Network Security Aspects
Network security is a discipline that comprises of issues in abundance which will be required to be analyzed and resolved. The presence of the human resources in the support staff and local IT department must be as per the requirement. Remote management and control will also be essential with the specification of different roles like Security Manager, Network Manager, Network Analyst, Network Administrator etc.
The device configurations that have been installed must be accessible through different means, such as, SSL, HTTPS, and Telnet etc. Remote network management must also include the features of remote configuration and error resolution.
The network security solutions and services that are installed for the branch office must focus upon the office sizes and shall be easy to implement. There must also be safe routing and secure WAN connections that must be enabled at the branch office.
The types and nature of the network security threats are witnessing a lot of change. There is no defined framework or structure that is available in this regard and it is not constant as well. For example, a recent ransomware attack called WannaCry had a negative implication of millions of systems and applications in over 150 countries. The primary reason was the inefficiency of the systems to deal with such a security attack. Quick updates on the security parameters are still difficult to apply in most of the organizations in the current times (Canavan, 2001).
There shall be use of reactive and proactive measures in association with network security solutions and applications so that the unknown and unpredicted risks are also avoided. Advanced networking solutions in terms of network based intrusion prevention and detection tools shall also be used with network analysis capabilities.
Security Applications & Services for the Branch Office
- A secure VPN connectivity shall be set up so that the centrally operated applications and their remote management are easy and safe.
- Internet security applications and tools must be used so that the associated risks are avoided.
- Internal services shall be equipped with secure network connections so that the internal risks and security attacks do not take place (Alabady, 2009).
- The solutions that are selected and installed must be cost-effective, reliable and scalable.
Virtual Private Networks (VPNs)
IPSec VPNs and their usage will be mandatory in the branch office so that the overall security is maintained. The networking team must ensure that over 100 simultaneous tunnels and encrypted throughput of over 100 Mbps is maintained. There shall also be use of advanced encrypting algorithms such as 3-DES and AES with digital signatures and hashing algorithms (Joshi and Karkade, 2015). Security shall be maintained with the use of NAT traversal as well.
The use of firewalls shall be distributed across the networking model and it should not remain restricted to only the networking layer of the model. It is the basic security step that prevents the unsecure network traffic to gain access and a majority of the attacks are prevented as a result.
Firewall is a basic security mechanism that does not have the ability to put a check on all forms of network security attacks. The use of advanced controls and applications such as network based intrusion detection and prevention systems must be included for advanced filtering and control. There shall also be use of analysis techniques in association with these applications (Strebe, 2004).
Advanced Content Filtering
Anti-malware tools and applications shall be acquired and installed, such as, anti-viruses, anti-adware, anti-spyware etc. These tools will put a filter on the network based security risks and attacks. Web and URL filtering shall also be used to put a control on the outbound traffic and the access to the unknown and unauthorized entities shall be prevented (Soriano, 2011).
Security of Mobile Devices
STP Limited makes use of Bring You Own Devices (BYOD) concept in which employee-owned devices are used for professional operations. There may be many security risks that may emerge with this scheme. The mobile devices are also being used otherwise which may lead to the likelihood of associated attacks and their execution in terms of the security of the mobile devices.
Many of the network based tools have been developed to make sure that the security of the mobile devices is always maintained.
In this technique, all the aspects associated with the mobile devices are analyzed and highlighted in terms of the device type, OS version, browser version etc. There may be certain security loopholes that may be found in this process which are listed as an outcome (Souppaya, 2013).
Network Access Controls
Every mobile device is required to be installed with certain security controls and applications so that the security risks and attacks do not take place. There are network access controls that have been developed which analyze the network activity on the networks that are connected to the device. The suspicious and malicious activities are highlighted and the devices are made secured against the same as an outcome.
This mechanism includes the setting up of the security mechanisms on the basis of various networking standards like 802.1x standard. There may also be use of biometric and one time passwords as the techniques for advanced authentication (Sujithra and Padmavathi, 2012).
Hardware Purchases: Plan and Steps
- Computer Systems: The computer systems will be essential for the execution of activities like network installation, testing, design and development. These systems shall be compatible with the software and technical tools that are used in the organization and shall have LINUX and Windows as the operating systems.
- Servers: The set of servers that shall be purchased and deployed shall include database servers, web servers and file servers.
- Peripheral Equipment: Network peripherals and equipment including routers, hubs, bridges, switches, network interface cards, connecting wires and gateways shall be purchased.
- Simulators and Emulators: These tools will assist in the network testing activities to gain a virtual environment of the network devices and connections.
- Communication Devices: Telecommunication devices and equipment shall be acquired for maintaining and setting up advanced communication capabilities.
- The business continuity shall be targeted to be maintained by using and designing a disaster recovery plan. It shall analyze the organizational assets under critical and non-critical categories. The frequency of data backups, network controls to be applied and number of repositories to be setup shall be determined accordingly.
- Multi-generational backups for the systems and applications must be created by the administrators for the critical applications.
- The use of networking tools that are being used in the area of network security shall be prepared and the updates shall be installed regularly for enhancement of the security framework.
Risk Management & Assessment
Risk management is a process that is a part of project management and it aims to identify and analyze the risks that are associated with a particular system or application and suggests the measures and strategies that can be applied for its treatment.
Strategy for Risk Management
Identification of the Risks
The networking team must identify the risks that are present and the same shall be summarized in the form of a table in a risk register. This is the first step that is present in the process of risk management and therefore, the identification must be done by exploring and analyzing different sources for better results.
Risk Responsibilities & Roles
The resources and the specific roles that are responsible for handling and managing the risks shall be identified and mapped with the risks that are listed (Berg, 2010).
Assessment of the Risks
Every risk that is identified shall be assessed to understand the impact of the risk along with the likelihood that may be associated with it. Priority of the risk handling and treatment shall also be calculated.
Risk Response Strategy
There are different measures and mechanisms that can be applied for responding to the risks. These strategies and response behaviour depends upon several factors and parameters like risk category, impact, probability etc. (Crane, 2013).
Mitigation of the Risks
The risks that must be accepted or transferred shall be treated separately. The once that need to be avoided or mitigated shall be mapped with the specific steps of actions to be undertaken so that mitigation of the risks is achieved (Dcu, 2015).
Monitoring and Reporting
The management must ensure that the treatment and mitigation strategies are applied correctly and the reporting of the risks is also done adequately. There must be reviews and audits that must be executed in this area to ensure the expected results are achieved (Debono, 2016). A risk closure report must be prepared at the end covering all the activities that are executed for the management of the risks.
STP Limited is an organization that is spread across different locations in terms of its services and operating areas with its branch office present in Wollongong. The primary necessity for the organization is to make sure that it has a strong network connectivity and integration present across all the units and the security and privacy of the networks is also up to the mark. There are several tools and applications that can be used for this purpose along with the modifications in the policies and administrative checks. The branch office security solutions must focus upon the setting up of VPN connections and use of internet security tools. The security shall be cascaded in two broad areas as data security on the networks and security of the devices. Specific controls and measures must be adopted in both these areas. The network management and security services that are identified must also focus upon the primary goal of customer satisfaction and maximization of the revenues. The processes of setting up new tools and environment along with change in the policies and administrative controls must not take a toll on the business functions and operations. The business continuity shall always be maintained so that the customer demands and expectations are fulfilled. The management must also make sure that service quality is never dropped and reliability and accuracy of the services are maintained all throughout.
There are recommendations that have been provided for the enhancement and evaluation of the network management and security in STP Limited.
- There shall be testing processes that shall be carried out through third parties and end-users.
- The access logs of the WLAN connections shall be reviewed so that specific risk areas are highlighted and handled.
- Identity centric security model must be created and implemented so that the overall network security is improved.
- There shall be a strong integration of the network components like network applications, systems, devices and tools.
- The obsolete devices and technologies shall be removed and replaced with the latest set of controls.
- The use of increased automation of services and the replacement of the manual operations with their automated counterparts.
- The medium of network connectivity used by the employees that make use of tele-communication applications.
- Total number of employees available at a particular instance of time.
- VPN capabilities that is associated with the employees.
- Inventory device types that are used and implemented in the company
- Types of the operating systems that are deployed in the devices that are used
- Determination of the network and WLAN usage on the basis of the connections and number of devices
- WLAN capacity associated with the mobile devices and equipment
- The set of VoIP services that are used and the associated latency sensitive applications.
- The cost associated with the WLAN connections and the cost of setting up the infrastructure.
Alabady, S. (2009). Design and Implementation of a Network Security Model for Cooperative Network. [online] Available at: https://www.iajet.org/iajet_files/vol.1/no.2/Design%20and%20Implementation%20of%20a%20Network%20Security%20Model%20for%20Cooperative%20Network.pdf [Accessed 26 Sep. 2017].
Berg, H. (2010). Risk Management: Procedures, Methods and Experiences. [online] Available at: https://ww.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf [Accessed 26 Sep. 2017].
Canavan, J. (2001). Fundamentals of Network Security. [online] Available at: https://whc.es/Network/Fundamentals%20of%20Network%20Security.pdf.1.pdf [Accessed 26 Sep. 2017].
Cisco (2008). Wireless and Network Security Integration Solution Overview. [online] Available at: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/secwlandg20/sec_wireless_overview.pdf [Accessed 26 Sep. 2017].
Crane, L. (2013). Introduction to Risk Management. [online] Available at: https://extensionrme.org/pubs/IntroductionToRiskManagement.pdf [Accessed 26 Sep. 2017].
Dcu (2015). Introduction to Risk Management. [online] Available at: https://www.dcu.ie/sites/default/files/ocoo/pdfs/Risk%20Mgt%20Training%20Slides.pdf [Accessed 26 Sep. 2017].
Debono, R. (2016). Project Risk Management. [online] Available at: https://www.isaca.org/chapters11/Malta/Documents/Events/210416%20-%20Mark_Debono%20-%20Understanding_Risk_in_the_Field_of_Project_Management.pdf [Accessed 26 Sep. 2017].
Joshi, M. and Karkade, R. (2015). Network Security with Cryptography. [online] Available at: https://www.ijcsmc.com/docs/papers/January2015/V4I1201544.pdf [Accessed 26 Sep. 2017].
Pareek, R. (2011). Network Security: An Approach towards Secure Computing. [online] Available at: https://www.rroij.com/open-access/network-security-an-approach-towards-secure-computing-160-163.pdf [Accessed 26 Sep. 2017].
Soriano, M. (2011). Information and Network Security. [online] Available at: https://improvet.cvut.cz/project/download/C2EN/Information_and_network_security.pdf [Accessed 26 Sep. 2017].
Souppaya, M. (2013). Guidelines for Managing the Security of Mobile Devices in the Enterprise. [online] Available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf [Accessed 26 Sep. 2017].
Strebe, M. (2004). Network Security Foundations. [online] Available at: https://imcs.dvfu.ru/lib.int/docs/Networks/Security/Network%20Security%20Foundations.pdf [Accessed 26 Sep. 2017].
Sujithra, M. and Padmavathi, G. (2012). Mobile Device Security: A Survey on Mobile Device Threats, Vulnerabilities and their Defensive Mechanism. [online] Available at: https://dl.icdst.org/pdfs/files/35dc646a4630971fd27c6b2d32661555.pdf [Accessed 26 Sep. 2017].