The marketing department is crucial to the operation of the business. Therefore, computers in the marketing department will be secured through deployment of anti-malware programs, intrusion detection and prevention systems, firewalls and use of security policies. Access policies will be tailor-made to control who uses the computers. The sales force comprises the sales department personnel. Because these users are telecommuting most of the time, their computers and laptops must be secured. External users will be authenticated before they are allowed to connect to the company resources. The administrator will check external laptops given to the sales force to ascertain that they carry company-approved patches and antivirus. As part of the configuration, the administrator will determine the public-facing IP addresses of the server or the Fully Qualified Domain Name of the server. All the mobile telecommuters will be registered and allowed direct access through the DirectAccess settings in the Group Policy Object. In case of theft, personal computers will not be useful because they require authentication privileges held by the certified user only.
The organization is recommended to set up a VPN connection to support internal and external users. Intranet-based VPNs connect the organization's diverse locations with the headquarters. Connectivity is essentially for file and application sharing. IPSec is mostly used to create this kind of network. For remote connections, telecommuters are enabled to access the organization's pool of resources through a dial-up service via a local internet connection. Remote users will be required to dial up a local internet connection, which will initiate a secure IPSec-based VPN connection to the organization.
Workstations within the building and the server will be secured by use of a host-based intrusion detection and prevention system. Host intrusion detection systems (HIDS) are security methods used in computer and network management. In HIDS, anti-threat applications such as spyware-detection programs, antivirus software and firewalls are installed on every network computer. This is applicable in two-way access platforms such as the internet; the system gathers information from various sources and analyses it to identify possible areas of attack. HIDS is, therefore, suitable for business-critical hosts and servers in a DMZ that are compromised more frequently. Demilitarized zones add an additional layer of security to the organization's network because any attacker can only access the external-facing components of the network instead of the whole network. Data in the external-facing layer requires the lowest security while data on the inside requires first-priority protection. Thus, a DMZ is worth implementing.
The data in the company's databases is crucial for continued business operations and should be protected. Different types of users have access to this data. Sales force, administrators, and managers will access information at different levels of access. The sales force will be granted access to associated functions such as updating the sales tables, among others. However, they will be denied editing or deleting user information. Administrators will have the overall duty of creating accounts for each user and updating their details. Managers will oversee the sales department's operations, targets, and related functions. Thus their access rights are higher than those of the sales team.
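The role separation described above can be exercised in code. The following is an added example, not part of the original plan: it uses SQLite's authorizer hook as a stand-in for the production database's own privilege system, and the table names (users, sales) and the manager's right to delete sales rows are assumptions made for illustration.

```python
import sqlite3

# Assumed mapping of the plan's three roles to table-level write rights.
# Table names and the manager's delete right are illustrative assumptions.
POLICY = {
    "sales":   {"sales": {"insert", "update"}},
    "manager": {"sales": {"insert", "update", "delete"}},
    "admin":   {"users": {"insert", "update", "delete"}},
}
WRITES = {sqlite3.SQLITE_INSERT: "insert",
          sqlite3.SQLITE_UPDATE: "update",
          sqlite3.SQLITE_DELETE: "delete"}
# Everything that is neither a listed write nor one of these is refused.
HARMLESS = {sqlite3.SQLITE_READ, sqlite3.SQLITE_SELECT,
            sqlite3.SQLITE_TRANSACTION}

def make_db():
    """Build a constructed in-memory database with one user and one sale."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, role TEXT);
        CREATE TABLE sales(id INTEGER PRIMARY KEY, rep TEXT, amount REAL);
        INSERT INTO users VALUES (1, 'alice', 'sales');
        INSERT INTO sales VALUES (1, 'alice', 100.0);
    """)
    return db

def as_role(db, role):
    """Install an authorizer that denies any write the role's policy omits."""
    allowed = POLICY[role]
    def authorizer(action, arg1, arg2, dbname, source):
        if action in HARMLESS:
            return sqlite3.SQLITE_OK
        op = WRITES.get(action)          # arg1 is the table name for writes
        if op and op in allowed.get(arg1, ()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY       # default deny, including DDL
    db.set_authorizer(authorizer)
    return db

def attempt(db, sql):
    """Run one statement; True if permitted, False if the policy denied it."""
    try:
        db.execute(sql)
        return True
    except sqlite3.DatabaseError:
        return False

if __name__ == "__main__":
    sales = as_role(make_db(), "sales")
    for stmt in ("UPDATE sales SET amount = 120 WHERE id = 1",
                 "DELETE FROM users WHERE id = 1"):
        print("allowed" if attempt(sales, stmt) else "denied ", stmt)
```
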
OS hardening is done to eliminate all the possible threats.
For server hardening, the guest accounts are disabled while administrator accounts are changed regularly.
In the same way, unneeded services should be turned off to protect the network from possible attacks. For Cisco routers, the following services can be disabled: tcp small-servers, udp small-servers, IP source routing (no ip source-route), the finger protocol and identd (no ip identd).
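One way to verify that the router services listed above are actually off is to audit a saved configuration. The following is an added example, not part of the original plan: the sample configuration is constructed, and a service reported as "not stated" has no line in the file, so the default of the installed IOS release decides its state.

```python
# Services the plan lists, mapped to the IOS global commands that enable them.
# Finger has two spellings across IOS releases (service finger / ip finger).
SERVICES = {
    "tcp small-servers": ("service tcp-small-servers",),
    "udp small-servers": ("service udp-small-servers",),
    "ip source-route": ("ip source-route",),
    "finger": ("service finger", "ip finger"),
    "ip identd": ("ip identd",),
}

def _matches(line, cmd):
    # Exact command, or the command followed by options.
    return line == cmd or line.startswith(cmd + " ")

def audit(config_text):
    """Map each service to 'disabled', 'enabled' or 'not stated'."""
    # Global commands start in column 0; indented lines belong to a sub-mode
    # (interface, line, ...) and lines starting with '!' are separators.
    global_lines = [ln.rstrip() for ln in config_text.splitlines()
                    if ln.strip() and not ln.startswith((" ", "!"))]
    result = {}
    for name, cmds in SERVICES.items():
        enabled = any(_matches(ln, c) for ln in global_lines for c in cmds)
        disabled = any(_matches(ln, "no " + c)
                       for ln in global_lines for c in cmds)
        # An explicit enable in any spelling outranks a "no" line.
        result[name] = ("enabled" if enabled
                        else "disabled" if disabled else "not stated")
    return result

def needs_attention(config_text):
    """Services that the config does not explicitly disable."""
    return sorted(n for n, s in audit(config_text).items() if s != "disabled")

# Constructed sample: source routing left on, finger never mentioned.
SAMPLE_CONFIG = """\
hostname branch-rtr
no service tcp-small-servers
no service udp-small-servers
ip source-route
no ip identd
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG).items():
        print(f"{name:18} {status}")
```
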
The implementation of these security features is expected to take a period of four months. The company will set up a VPN network to accommodate telecommuting users. This will take a month. Second, host-based intrusion detection and prevention systems will be installed on all the workstations. This will proceed one department after the other. It is expected to take approximately one month until completion. Finally, testing of the systems will be conducted to determine their efficiency. The testing process will take two weeks.
Testing will determine the effectiveness of the systems put in place. Remote access functionalities will be tested via the use of wrong credentials to determine if access and authentication will be granted. If access is denied on the network, the system is effective. Likewise, network traffic to the internal workstations and servers will be tested. The process will utilize known malware to try to intrude into the system. If the attack is unsuccessful, the system will be considered up to date in terms of security.
Event logging helps in tracking events that have taken place in a given piece of software. One mechanism that will be used is the Windows NT event log. This will allow logging to be enabled in the departments. The events that need to be logged include the errors that occurred and the triggers that occurred in the system. There will also be the need to capture the people who logged into the system. All changes to the database should be captured in the data logs. It is also important to capture the errors that are encountered while using the systems. These will help in handling and solving the problems that are met in the system. The events should be logged every time there are changes that take place. The changes can be saved daily. This will give all the details that are required. The daily routine will also make the data logs readable.
Antivirus product recommendation
There is a need to have an anti-virus used in the entire organization. This will protect the computers from attacks and viruses that innocent users might get while surfing the internet. I would recommend the Kaspersky product as the antivirus to be used in the organisation. The reason I choose this is that it is easy to update on the servers. The anti-virus will get updates from the server. This will mean that the users will not be tasked with updating the antivirus. The antivirus also gets patches frequently.
One mechanism that can be set up to monitor security alerts in the server is to have security gateways sending alerts for different events. The security gateway from the server will then send the alerts to the SmartView Monitor client that belongs to the system administrator. This is an effective mechanism as the system administrator does not have to manually check the server.
There are moments when the system administrator is required to check the alert log manually rather than rely on automated logs. This is when there is a pattern that the administrator needs to confirm. This pattern can be broken and some new insights can be learnt. There are also situations where the administrator wants to know if the automation process of alerts has been compromised. The logging system could be compromised. This needs to be checked. The manual checking of the security logs is important and should be undertaken by system administrators from time to time.
Timeline recommendation process
The recommended timeline for the implementation to take place is one week. This is because there is a need to undertake the testing of the system and configuration. The purchasing of the anti-virus will take a day and the rest will be spent configuring the antivirus on the server. The implementation and the testing of the antivirus on the server will take place in 3 days. This is because there is a need to undertake appropriate testing.
There will be the need to undertake testing of the systems so that there is assurance that the security of the system is working optimally. There will be the need to test the working of the antivirus. There will be the need to check the updates of the antivirus. Suspicious sites will be visited by the administrator, who will check whether the antivirus responds to these sites and the security threats that they pose to the network.
There will also be the need to test the system to check if the administrator has absolute rights. A username of an ordinary user will be used to check if the system will reject that name.
Legal issues for computer crimes
There are legal implications for computer crimes when they occur. ABC should have legal implications in place when faced with computer crimes. There should be a contact person who will handle all the issues in the process of resolving them.
Mechanisms for fault tolerance
There should be mechanisms that will be used for fault tolerance. One of the mechanisms that will be used is formal specifications. The use of formal specification will depend on the size and the complexity of the information system that is being rolled out. The complexity of information systems and the increase in the cost of building them are important concepts that will have to be considered. With the use of formal specifications at higher levels, it will be possible to undertake the work in an abstracted way. This mechanism removes the need to put a lot of effort into every node that will be used in the system. There are a lot of errors, application nodes, and recovery strategies that need to be solved. With the use of specifications, this will be avoided as the solution will be done at abstracted levels. With the use of this mechanism, it will be possible to reason about and analyze the solutions that have been provided. There are different types of analyses that are possible with this mechanism. The availability and use of any analysis will depend on the notation and degree of formality that is available.
Another fault tolerance mechanism is implementation synthesis. This requires that much of the implementation should be derived from the formal specifications. The synthesis of implementation is undertaken from the need to address the requirement to have a solution and also to have a link to the use of formal specifications. One of the advantages of having implementation synthesis is that the system developers will be able to amortize the cost and the effort that is needed for developing the specification. There will also be the leveraging of the specification notations. Another advantage of this mechanism is that the process of undertaking the validation and verification of the system will be done on the formal specification and synthesis process and not every version of the system that is being developed.
Another mechanism of fault tolerance is an implementation architecture that supports fault-tolerance activities. This will include a high-level ability to detect errors and a well-coordinated process of error recovery. There are two different levels that have to be addressed while undertaking this. In this solution, there is node-level architecture and system-level architecture.
Computer crime and legal implications for employees
Computer crime is becoming common with the use of computers to do many business operations. Activities that are involved in cybercrime include hacking, creating viruses, forgery, stealing confidential information, and denial of service. With the increasing use of computers, there is a new form of breaking the law. There are implications that are laid down to handle the issues and problems that come with cybercrime.
The use of computers and the increasing cyber attacks led to the formation of the Computer Fraud and Abuse Act. This was meant to handle computer crimes because the nature of these crimes is different from the traditional crimes. The legislation used to govern computer crime is general cybercrime legislation. In the United States, the computer crime of creating a virus and distributing it so that it affects government computers and those used by financial institutions is a federal crime. This is put under the Computer Crime and Abuse Act.
Dispute resolution mechanism for handling computer crime
It is important to address the computer crime and have a dispute resolution process that will be followed. One of the mechanisms that will be used to address computer crime is to assess the damages that have been brought about by the computer crime. The resolution will be undertaken after a complete analysis of the damage that has been caused by the crime. This could be extended to check the geographical coverage of the computer crime.
Another mechanism is to address the potential damage that could have been caused or that will continue to be caused by the crime. The punishment will be given based on the damage that has been caused.
The contact person for handling computer crime in ABC Company is the legal officer. This officer is concerned with the legal issues that touch the organization. The legal officer will look at the legal framework and how the culprits will be made liable.
Process of appeal
The process that will be followed in undertaking appeal for the cases will be based on the severity of the crime. If there was no clear definition of the ruling, then the perpetrator will get some reprieve and start the appeal process. This will be after the legal officer has consulted with the judicial service body concerning the case. This will also be based on the guidelines provided by the organization. If the crime is not defined in the Computer Crime and Abuse Act, this will not be included.
The recommendation for ABC Inc. is that it should make use of the specifications fault resolution strategy. This is because it is efficient and cost-effective. With this strategy, it will be possible to handle all the faults at higher levels of abstraction.
The areas which require continuous operations include service delivery procedures to the clients. This should be continuous so that there is no interruption of business. All systems that interact with the clients should be designed to provide continuous working.