Information System Design and Implementation Assignment

I declare that this assignment is my own work and that the sources of information and material I have used (including the internet) have been fully identified and properly acknowledged as required in the referencing guidelines provided.

Fit to Sit Policy

The University operates a Fit to Sit policy whereby all students, in submitting or presenting themselves for any assessment, are declaring that they are fit to sit the assessment.  Students cannot subsequently claim that their performance in that assessment was affected by extenuating circumstances.

This assignment addresses the following learning outcome(s) of the module:
   
To demonstrate a practical understanding of the design and implementation of information systems.

To demonstrate the ability to recognise any risks or safety aspects that may be involved in the operation of computing equipment within a given context.

Coursework Task

Scenario A

You are a network administrator at a company. There is a database server that stores accounting data, customer data, and employee data. There is also a web server that must be accessed by customers and employees. Some employees work remotely and need access to an FTP server to upload and download files. The company uses Microsoft Exchange for internal email.

a) Describe the justification for running FTP and the web service on different computers.

b) The table below lists some well-known ports and some servers. Identify whether the ports should be open or closed.

c) Describe the danger port scanners pose to your network.

d) You decide to segment your network using a DMZ. Which servers should you place in the DMZ?

e) What precautions should you take to physically secure the servers?

f) The database servers are in a locked closet on the internal network. How should you apply access permissions to add another layer of depth to the database servers’ defence?

Scenario B

You are designing a cryptography and public key strategy for a large company. The company has identified some files it considers confidential and others that require integrity. Some users send email that must be authenticated. In addition, the company has a website that customers use to view product information and place orders.

a) Why is it preferable to use longer keys when encrypting data?

b) Why should you use symmetric encryption to encrypt data instead of asymmetric encryption?

c) How can you ensure that emails can be authenticated?

d) How can you ensure that the contents of emails are not changed during transit?

e) Which requirement should be met by purchasing a certificate from a well-known third-party Certificate Authority (CA)?

Scenario C

Understanding how to identify a risky download, attachment, or phishing email is an essential part of mitigating the threat of malware. Automated scanners have limitations - they can only identify known attacks. Identifying new or unpublished attacks requires a sharp eye and a keen nose for trouble. Users can develop those over time, but they need training. Of course, before you can train users in what to look for, you have to know yourself.

Think about the following situations and determine whether the action is safe, moderately safe, moderately risky or risky and explain why.

a) You access an online shopping site. A dialog is displayed that reports the site’s SSL certificate has expired. How risky is it to provide your credit card on this site?

b) You access an online shopping site. A dialog is displayed that reports that the site’s SSL certificate was not issued by a trusted certificate authority. How risky is it to provide your credit card on this site?

c) You receive an email from your bank asking you to verify your address and phone number. The email contains a link with a different domain name than your online banking site. When you click the link, you are prompted for a username and password. How safe is it to enter the information?

d) You receive an email from a former business acquaintance that you haven’t heard from in several years. The subject of the message is Hello. The message contains an attachment, how risky is it to open the attachment?

e) You have antivirus software installed, but you are connecting to the Internet through a dial-up connection until your broadband service is restored. How risky is it to ignore the virus signature update message?

f) An online training website uses a non-persistent cookie to track your progress in a session. How risky is it to accept the cookie?

g) You are creating a website for your business and need to publish your email address so that customers can contact you. How risky is it to use your regular email address?

SUMMARY OF DELIVERABLES

You are required to produce a short report that answers all of the questions in each of the scenarios presented.  (Each of the questions requires no more than a paragraph to answer.)