Introduction
A small accounting firm has 20 computers and two multipurpose printers that are all connected wirelessly to a NETGEAR MR814 device that is connected to a Motorola SB3100 cable modem. The firm also has 20 employees who emails accounts are set up through the organization’s internet service provider. To access their email accounts, the staff use Microsoft Outlook and standard web browsers. The company wants to move from using wireless connection as the primary network connection but want to maintain wireless access for their customers in the building. To do this, the firm has hired a contractor to run Cat 6 cables from the central wiring closet to all offices. The contractor also wants to use Windows server domain to manage user access, install a managed switch and firewall, and also make some backups. The purpose of the network assessment is to examine and report on all vulnerabilities so that the firm can upgrade their network. This will secure their network and customer data providing data integrity for the accounting records and guaranteeing the confidentiality of important financial records in the firm.
I. Vulnerability Assessments
The current network topology/ infrastructure of the accounting firm, peer-to-peer (P2P) network infrastructure, can allow processor sharing, instant messaging, and file sharing [2]. However, P2P is liable to a lot of risk factor. The process of file sharing in this network infrastructure is easy hence important files and customer's data can be leaked easily both intentionally and unintentionally. Amateur computers users are usually fond of sharing their entire hard drive subjecting all their folders and security clearance such as passwords and cookie [3], which hackers are prying.
Netgear MR814 router process of authenticating the administrator of the network can easily be bypassed with a program that sort specific Uniform Resource Locator (URL locates web resources) gaining access to the router web interface through the wireless or the Ethernet connection of the network [2]. The router remote management if turned on can also allow access to the network, which might compromise firm and customers’ records.
This Motorola SB3100 cable modem is relatively slower with an occasional signal drop. It also takes longer time to establish connection online [2]. The associated risk in the Netgear router and P2P network connection can further deteriorate the speed of the modem. Hackers are able to transfer data to a different server thus jamming your network connection.
The web page used by employees to access their mails provides a potential media for the hackers to use to gain access to your computer files and generate information such as credit card numbers and bank accounts[1]. Unprotected web page session using Microsoft outlook to send email, and web pages are prone to cyber threats. Cyber threats are malicious software's that are able to compromise your computer integrity. Popular cyber threats include Trojan horse, adware, Botnets, and malware[3]. Trojan horse is notoriously known to disguise themselves genuine application which when activated collect information from the computer folders. It also consumer hard drives space in the computer turning files into shortcuts. Botnets is a network of computers that has been infected with malware without owner's knowledge, sending information to the attacker. All this can compromise the integrity of the firm and customers record if various measures are not put into place.
II. Network/System Security Recommendations
In order to resolve security vulnerabilities created by the network infrastructure and devices, it is recommended to install or purchase the following device which will enhance security and ensure firm and customer data integrity;
There are different window domain servers offered by the Microsoft Corporation [2]. Window domain server 2003 is Microsoft domain server, which can provide low, standard, high security and can utilize a framework to encrypt packet traffic transmitted with computer address. They function as a central point in which all computers, printers, and copiers are known as clients are connected to share the resource [1]. Windows domain server uses an active directory as their operating system to maintain the system database. The active directory contains registry of user accounts and information that domain controller uses to authenticate different level of users. In the Active Directory, users can be categorized as either an administrator or regular user with similar security clearance. This grouping enable the domain controller to differentiate thus allow different level access to the review network recourse.
The accounting firm will need a cisco RV320 to cater for the need of their entire workforce. The router provides a secure connection online with encryption of the traffic being generated [2]. It also has a firewall to prevent online intrusion by attackers with a speed of up to 100Mbps. The router can also allow Ethernet connection using the cat 6 cable already installed. In addition to that, it also has a Wide Area Network (WAN) supporting wireless connection.
Switches should be used in the network to enable the computers in the organization to operate without a router since they share the same subnet. All the internal computers are first connected to the switches then router to enable faster sharing resources from the server without an internet connection [3]. A parameter firewall should be set up to protect the resource of a particular network. It will prevent unrecognized traffic from outside that can cause potential damage to the resource in the network.
The cat 6 cable connected to the organization operate at a frequency of 250MHz which a higher for SB3100. SB6114 cable modem is an upgrade from the SB3100. It gets you a faster speed at an affordable price than the previous SB3100, which was slow, hampered with numerous user in the organization [2]. SB6141 will enable the organization to enjoy faster Ethernet connection which is their primary focus as well as enable the customer to enjoy faster WAN and secured connection with the premise of the organization.
III. Application/End-User Security Recommendations
Using the device obtained with the firm, the will be able to setup parameters to secure their records as well customers data [3]. The device provides a comprehensive system that can be used to ensure the integrity of the organization data is maintained which will attract more customers to the organization due to top level security products that are used for maintaining their data.
The firm should implement a group policy. The window server domain can use the active directory to design use policy environment which will enable the system administrator to design organization operation protocols and standard which can then be shared to other computer acting as the client in the with a network [3]. This will ensure data integrity of the data in the organization as well as ensure a standard of practice that will protect document and files with the database of the firm.
A Virtual Private Network (VPN) should be used to ensure that most of the organization’s users remain anonymous over the internet. The cisco routing will enable the organization to set up a VPN network for the organization to protect their customer’s data and firm record [3]. VPN also provide can provide remote access to the user and access resource in different location securely without compromising organization data.
Windows Update Service (WUS) through the domain server will ensure all the computer update patches are downloaded once instead of different computers downloading updates then sharing to its clients [3]. This service reduces the constraint of the internet caused when individual computer downloads their updates. It is also able to regulate repetitive download of updates online using domain controllers
References
[1]T. Thomas, Newtork security first-step, 1st ed. Indianapolis, Ind: Cisco Press, 2004.
[2]A. Prasad and P. Green, "Organizational Competencies and Dynamic Accounting Information System Capability: Impact on AIS Processes and Firm Performance", Journal of Information Systems, vol. 29, no. 3, pp. 123-149, 2015.
[3]J. Biskup, Security in computing systems, 1st ed. Berlin: Springer, 2009.