Reference no: EM133702101
Background:
You have just been placed in charge of the IT department for a growing company called XPC that deals with other a customer base located locally and domestically. There are 15 roaming employees employed.
Prior to you coming on board, they didn't have any IT staff and hired contractors to do the work.
The information stored on your local servers is very confidential. Your company's employees do a lot of travelling both domestically and internationally. XPC has just received a shipment of brand-new, Windows based laptops to provide their employees with. Data is stored locally and then backed up to the server when the laptops connect to a network.
As XPC employees need to travel frequently, their main mode of data communication connecting back to the main server is to use whatever wireless connections are available.
No database has been put in place to track the assets.
You have been provided with a network diagram which provide you with the following:
• the current location of all the laptops in use by staff
• The current security in place on your network
Goal of this project:
You have been tasked with auditing this network and all the equipment in an effort to improve security.
To complete this task, you will need to create a report on your audit. Your report must contain the following:
• Title Page
• Table of Contents
• Plan
• Identifying and valuing XPC's assets
• Identifying and modelling the main threats
• Implementing and testing solutions to these main threats
• Conclusion
Section 1: Planning
Before you undertake your audit on this network, you need to determine the steps required to conduct this audit.
Write a 4-step plan that you can use on this network audit to assist you in identifying key elements to manage any potential risks on this network (4 elements - 5-15 words per element)
Section 2: Identifying and Valuing Assets
Your first task is to create a database to audit the devices owned by XPC.
Create a table showing the following information:
a) List the assets owned by XPC
b) Categorise each device using their device type
c) For each device category, identify a potential threat and explain how this threat could occur (10-25 words per threat) - Please note your identified threats for any networking device types must be resolvable in Packet Tracer in Section 3
d) Determine the potential origin of this threat to this device type (Internal or External)
e) Value them in terms of importance to the organisation - High/Medium/Low and provide a brief explanation why you valued it this way (5-20 words)
f) Cost - The cost for each device has been added to the topology. Add the cost of the devices together and calculate their total at the bottom of this column
Section 3 - Threat Modelling
You have been asked to design a threat model for the threats you identified in Task 1.
Design a threat model that does the following:
• Grades the threats based on at least 3 different categories
• Rates the likelihood of that threat occurring
• Provides a solution on handling the identified threats. (10-20 words per solution)
Section 4: Implement and test solutions
Section 4a:
Prior to implementing your solutions from section 3 across the whole network, you have been asked to pilot them only on 3 different devices.
Using the table below, identify 1 router, 1 switch and 1 WAP that you will apply your solution to. Explain how you will be implementing this solution on these devices in the left column and write the device name in the right column.
Section 4b
Now that you have identified the devices, Use the topology provided to implement the solutions to the devices you have selected in Section 4a.
You will be required to note the implemented security using the note tool on Packet Tracer. Place each note next to your selected devices listing the implemented solution.
Section 4c
Once you have implemented your solutions, you need to create a series of tests to validate whether the solutions have worked.
Each solution will need to have 2 tests:
• One test should test to ensure the security correctly allows authorised devices/people.
• One test should test to ensure the security correctly blocks unauthorised devices/people.
For each test provide an explanation on how the tests are to be conducted. You are not to describe what the expected outcome should look like (5-15 words per test)
Once you have created your tests, you must swap your tests and completed topology with another student of your choosing. The idea is for each student to run the tests as written and provide verbal feedback on the outcome and modifications required. Populate the feedback in the remaining fields with the following information:
• Test Outcome Success - Was the outcome successful: Yes/No. If not, why? (10-15 words per test)
• Modifications required - Based on the outcome of the test, were you required to make modifications to the network? :Yes/No. If not, why? (10-15 words per test)
At the bottom of your completed table, add the following information:
Tests for this network run by: *Insert other student's name here
I conducted testing on *Insert other student's name here* network.
Section 5: Conclusion
Provide a summary explaining how the tasks undertaken in this audit have made the XPC's network more secure. (50-75 words)
Provide an area for the management of XPC to sign off this report.
Where
You will be undertaking this assessment for 4 weeks during Scheduled class time and out class times. A date will be provided by the assessor on Blackborad. You will be provided some class time to work on this assessment, however, it is expected that the majority of this assessment will be completed outside of class.
How
This is an individual assessment. Youi will be assessed against the criteria listed in the marking guide in Section B of this task. To achieve a satisfactory result, you will need to address all criteria satisfactorily and submit work by the date specified by the assessor.
Note: Don't need to do section 4