Description

Scenario:

You have been recently hired as a network security analyst for a small accounting firm. The firm realizes

that it needs help to secure its network and customers' data. With your background and skills, the firm is

looking to you to provide guidance. In addition to helping the firm secure its network, the firm requires

that you obtain your CompTIA Security+ certification within 60 days of being hired.

In addition to the owner, who serves as the overall business manager, there are about 20 people on

staff:

•  10 accountants

•  3 administrative support specialists

• 1 vice president

•  1 financial manager

•  2 interns

There is also one IT support technician on staff, who has basic computer hardware and networking

knowledge. He has requested that the firm create a website, hosted internally, so that new customers

can get information about the firm. This will be important to remember as you complete your final

project.

The firm has a simple network. There are 20 computers and two multipurpose printers. All computers

and printers are connected wirelessly to a NETGEAR MR814 device. This router is connected to a

Motorola SB3100 cable modem. Staff email accounts are set up through the company's Internet

provider. Employees use a combination of Microsoft Outlook and standard web browsers to access their

e-mail. The owner uses his personal iPad during work hours to check and respond to email messages.

UNCLASSIFIED

UNCLASSIFIED

Prior to your hiring, the firm hired a network cabling contractor to run Cat 6 cables from the central

wiring closet to all offices and cubicles. The firm wants to move away from using wireless as the primary

network connection, but wants to keep wireless access for customers coming to the building. The

technician who did the wiring mentioned to your supervisor that he should look into setting up a

Windows Server domain to manage user access, instead of the current peer-to-peer network. He also

recommended that the firm invest in a managed switch and a firewall, and look into having some

backups. The internal IT support technician agreed with these recommendations but needs your help to

implement them.

You've been asked to assess the current vulnerabilities and provide a recommendation to the firm's

owner on how to better secure the network infrastructure. Now that you are aware of the firm's history,

your assessment and recommendation should provide specifics about the network security settings that

must be implemented and the equipment that must be procured, installed, and configured. The firm's

owner has a basic understanding of computing, so it is important that you explain the technical issues in

layman's terms.

Vulnerabilities Assessment and Recommendation Document (Parts 1-3)