By now, you are feeling confident that the security of the MegaCorp network is getting under control. You are aware that there are still several critical areas that you must deal with, and today you are addressing one of those areas. You have been able to take care of the router, firewall, security policy, and intrusion detection, now you are concerned with some of the hosts in the network. Since the organization is not very large, you are the only person working in the IT end of the company. It will be up to you to directly work on the systems throughout the network. You make a quick chart of the systems you know should be in the MegaCorp network:
Server0001, 10.10.20.101, Windows 2000 Server Server0010, 10.10.20.102, Windows 2000 Server Server0011, 10.10.20.103, Windows 2000 Server Server0100, 10.10.20.104, Linux (Red Hat 8.0) User systems, 10.10.100.100~10.10.100.200, Windows 2000 Professional The addressing that you recommended months ago is in place, and it follows a distinct logical pattern, you are hoping that no new systems are hidden in the network somewhere. In the company, you have been granted domain administrator rights, and no other user is authorized to have administrator, root, supervisor, or otherwise privileged level of access. All the Windows systems are to belong to one windows domain called SCNA.edu. Users are no longer allowed to install unauthorized applications, and are all to use the file servers for storage. Although they have the ability to do so, users are not supposed to store any work data on their local systems. The servers are located in a server cabinet that is inside your office, so you decide to start working there. Using your knowledge of MegaCorp select the best solution for hardening the MegaCorp operating systems:}
The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You havedecided to implement an Intrusion Detection System. You bring this up at the next meeting. "After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin. "We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating. "I realize that the budget is tight, but this is an important part of setting up security." You continue, "If Icannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market."As expected, your last comment got the group thinking. What about false alarms?" asks the VP of sales, "I hear those things are always goingoff, and just endup wasting everyone" time.""Tha's a fair concern, but it is my concern. When we mplement the system, I will fine tune it and adjust t until the alarms it generates are ppropriate, and are generated when there is egitimately something to be concerned about.We are concerned with traffic that would indicate anattack; only then will the ystem send me an alert." or a few minutes there was talk back and forth in the room, and hen the CEO responds again to your nquiry, "I agree that this type of thing could be helpful. But, we simply don have any morebudget for it. Since it is a good idea, go aheadand find a way to implement this, but don't spend any oney on it."With this nformation, and your knowledge of MegaCorp, choose the answer that will provide the bestsolution for the IDS needs of MegaCorp:}
It has been quite some time since you were called in to address the network and security needs of MegaCorp. You feel good in what you have accomplished so far. You have been able to get MegaCorp to deal with their Security Policy issue, you have secured the router, added a firewall, added intrusion detection, hardened the Operating Systems, and more. One thing you have not done however, is run active testing against the network
from the outside. This next level of testing is the final step, you decide, in wrapping up this first stage of the new MegaCorp network and security system. You setup a meeting with the CEO to discuss. "We have only one significant issue left to deal with here at MegaCorp," you begin. "We need some really solid testing of our network and our security systems." "Sounds fine to me, don't you do that all the time anyway? I mean, why meet about this?" "Well, in this case, I'd like to ask to bring in outside help. Folks who specialize in this sort of thing. I can do some of it, but it is not my specialty, and the outside look in will be better and more independent from an outside team." "What does that kind of thing cost, how long will it take?" "It will cost a bit of money, it won't be free, and with a network of our size, I think it can be done pretty quick. Once this is done and wrapped up, I will be resigning as the full time security and network pro here. I need to get back to my consulting company full time. Remember, this was not to be a permanent deal. I can help you with the interview, and this is the perfect time to wrap up that transition." "All right, fair enough. Get me your initial project estimates, and then I can make a more complete decision. And, Il get HR on hiring a new person right away." Later that afternoon you talk to the CEO and determine a budget for the testing. Once you get back to your office, you are calling different firms and consultants, and eventually you find a consulting group that you will work with. A few days later you meet with the group in their office, and you describe what you are looking for, and that their contact and person to report to is you. They ask what is off limits, and your response is only that they cannot do anything illegal, to which they agree and point out is written in their agreement as well. With this outside consulting group and your knowledge of the network and company, review and select the solution that will best provide for a complete test of the security of MegaCorp.}
By now, you are feeling confident that the security of the MegaCorp network is getting under control. You are aware that there are still several critical areas that you must dealwith, and today you are addressing one of those areas. You have been able to take care of the router, firewall, security policy, and intrusion detection, now you are concerned with some of the hosts in the network. Since the organization is not very large, you are the only person working in the IT end of the company. Itwill be up to you to directly work on the systems throughout the network. You make a quick chart of the systems you know should be in the MegaCorp network:
Server0001, 10.10.20.101, Windows 2000 Server Server0010, 10.10.20.102, Windows 2000 Server Server0011, 10.10.20.103, Windows 2000 Server Server0100, 10.10.20.104, Linux (Red Hat 8.0) User systems, 10.10.100.100~10.10.100.200, Windows 2000 Professional The addressing that you recommended months ago is in place, and it follows a distinct logical pattern,you are hoping that no new systems are hidden in the network somewhere. In the company, you have been granted domain administrator rights, and no other user is authorized tohave administrator, root, supervisor, or otherwise privileged level of access. All the Windows systems are to belong to one windows domain called SCNA.edu. Users are no longer allowed to install unauthorized applications, and are all to use the file servers for storage. Although they have the ability to do so, users are not supposed to store any work data on their local systems. The servers are located in a server cabinet that is inside your office, so you decide to start working there. Using your knowledge of MegaCorp select the best solution for hardening the MegaCorp operating systems:}
Blue thanks you for your plan and design and took it into consideration. You are then informed that Orange has gone ahead and made a new plan, which will incorporate some of your suggestions, but is going to build the network a bit differently. In Testbed and in each remote office there will be a single self-sufficient CA hierarchy, one that is designed to directly integrate with the existing network. Orange mentions that the hierarchy is only to go two-levels deep, you are not to make an extensive hierarchy in any location. This means a distinct CA hierarchy in six locations, inclusive of the Testbed headquarters. Using this information, choose the solution that will provide for the proper rollout of the Certificate Authorities in the network.}