Now that you have a fully functioning CA hierarchy in each location, and that the trusted network is well underway, you are called in to meet with Blue. Blue comes into the room, and you talk to one another for a while. It seems that now with the CA hierarchy in place, you need to plan the certificate rollout for the individual users and computers in the network. Since this is the executive building, Blue places higher security requirements here than on the otherbuildings. Certificates need to be issued to all the entities, computers and users, in the network.Blue has decided that for all senior level management, the process for certificate issuance should be even more secure than the rest of the deployment. Based on this information, and you understanding of the GlobalCorp environment, choose the best solution to assigning certificates to the computers and users of the trusted network in the Executive building:}
Now that you have a fully functioning CA hierarchy in each location, and that the trusted network is well underway, you are called in to meet with Orange. Orange comes into the room, and you talk to one another for a while. It seems that now with the CA hierarchy in place, you need to plan the certificate rollout for the individual users and computers in the network. Since this is the executive building, Orange places higher security requirements here than on the other buildings. Certificates need to be issued to all the entities, computers and users, in the network. Orange has decided that for all senior level management, the process for certificate issuance should be even more secure than the rest of the deployment. Based on this information, and you understanding of the GlobalCorp environment, choose the best solution to assigning certificates to the computers and users of the trusted network in the Executive building:}
The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You havedecided to implement an Intrusion Detection System. You bring this up at the next meeting. "After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin. "We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating. "I realize that the budget is tight, but this is an important part of setting up security." You continue, "If Icannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market."As expected, your last comment got the group thinking. What about false alarms?" asks the VP of sales, "I hear those things are always goingoff, and just endup wasting everyone" time.""Tha's a fair concern, but it is my concern. When we mplement the system, I will fine tune it and adjust t until the alarms it generates are ppropriate, and are generated when there is egitimately something to be concerned about.We are concerned with traffic that would indicate anattack; only then will the ystem send me an alert." or a few minutes there was talk back and forth in the room, and hen the CEO responds again to your nquiry, "I agree that this type of thing could be helpful. But, we simply don have any morebudget for it. Since it is a good idea, go aheadand find a way to implement this, but don't spend any oney on it."With this nformation, and your knowledge of MegaCorp, choose the answer that will provide the bestsolution for the IDS needs of MegaCorp:}
You go back through your notes to the day that you recommended that the company get a firewall in place. Purple had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not oing to be based on direct cost. ased on your knowledge of and the information you have from MegaCorp, elect the best solution to the rganization firewall problem:} A. You decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement wo firewalls, each with two network cards. From one Ethernet nterface of the outer, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to Microsoft ISA firewall. he Checkpoint firewall is connected via one NIC to the router, and the other NIC is nnected to the Web and TP Server. The Microsoft ISA Server is connected via one NIC o he router nd the other NIC is connected to the LAN switch. ou perform the following steps and configurations to setup the firewalls:
1.First, you configure the IP Address on both network cards of both firewalls.
2.Second, you select the Floodgate-1, SMART Clients, and Policy Server as the only components to install and omplete the installation of Checkpoint.
3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.
4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of icrosoft ISA Server. 5.Fifth, you allow all outbound traffic through the ISA Server. 6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.
You go back through your notes to the day that you recommended that the company get a firewall in place. Red had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not going to be based on direct cost. Based on your knowledge of and the information you have from MegaCorp, select the best solution to th organization firewall problem:}