Security coursework writing: NCC32 Smith and Jones Auctions

Analyse the security risks in the Auction case study.

Auction

Scenario

As the world’s largest industrial auctioneer, Smith and Jones Auctioneers conducts hundreds of live unreserved public auctions of used heavy equipment, trucks and industrial components every year. Auctions take place at more than 60 auction sites in North America, Europe, the Middle East, Asia, and Australia. More than half of bidders participate online, at www.SandJauction.example.com.

The company works hard to keep the network fast and free of infections. Malware can prevent customers from bidding online and can expose sensitive information. “We need to give customers confidence that online bidding is safe and secure,” says Milo, senior network security specialist for Smith and Jones. “Their first experience has to be good.” A common source of infections is employees or customers unknowingly clicking links to malicious websites. Smith and Jones had tried using a web-filtering application at the head office. “The trouble was that routing web traffic from all 60 sites to one location slowed down critical business applications,” says Milo. Routing all web traffic through Canada also meant that customers at auction sites around the world could only use Canadian search engines. Smith and Jones decided to give each auction site its own Internet connection for web traffic, but the company wanted to centrally control web security for all auction sites.

Additionally, the company intends to confidently offer guest Wi-Fi access at all auction sites. Customers like being able to connect with their phones or tablets to browse the web and check email. They can also bid online for items at other auction sites, increasing sales. Auction sites expect as many as 500 people to connect over Wi-Fi at the same time.

Key Challenges

  • Add two new sites (Manchester and Mexico City) and use them as prototypes for all other Smith and Jones auction sites
  • Connect the new sites to the main site in Toronto
  • Prevent network outages and protect sensitive information
  • Provide a great experience for employees and customers
  • Minimise the workload for the small IT team
  • Offer a site security solution
  • Improve and future-proof WAN performance
  • Identify and design Wi-Fi BYOD systems

Task 1 - Risk Assessment

a) Analyse the scenario and identify what you consider to be the 5 most important electronically held information assets for Smith and Jones. Justify your decision. You will need to make some reasonable assumptions here, since the scenario is brief.
This section of the report should be approximately ONE HUNDRED AND FIFTY (150) words.

b) Create a table (see below) which lists the assets. For each asset identify the main security threats that you think could affect its confidentiality (C), integrity (I) or availability (A). Remember, threats can be accidents as well as malicious.
There are likely to be multiple threats for each asset and the same threats are likely for several assets.

Asset               Threat            CIA?   Likelihood   Impact   Risk
E.g. Personal data  Server failure    A      Low          Medium   Low
E.g. Personal data  Employee theft    C      Low          High     Medium

c) Complete the columns of the table by assessing the likelihood of the threat being successful and the impact it would have on the company. In this scenario you should use the following definitions of Low, Medium and High:

Likelihood
  Low      Less than once per year
  Medium   Once per year to once per week
  High     Several times a week

Impact
  Low      Inconvenience; may affect operation for a day or two
  Medium   Operation may be impacted for over a week; loss of customers
  High     Company may not survive; lost reputation and customers

d) Now complete the Risk column by using the following Risk matrix.

Task 2 - Controlling the risks - Explanation

Once you have identified the highest risks, you need to make recommendations of how to control those risks, i.e. what security you will put in place.

  • a) Discuss each of the threats you have identified, explain what security controls you recommend to reduce the risk, and justify your choice.
  • b) Discuss why there will be a need for encryption, and state the protocol or encryption algorithm that you recommend.

This section of the report should be approximately NINE HUNDRED (900) words.

Task 3 - Setting up the VPN

  • a) Explain the two site-to-site VPN connection options, intranet-based and extranet-based, outlining the differences and benefits of each. Recommend which option would be best for connecting Smith and Jones Auctions to its branch sites and justify your recommendation.
  • b) Draw a diagram showing the components needed to create the site-to-site VPN connection between the main site and the Mexico City and Manchester branches. Each client PC need not be shown, but all other components should be included.
  • c) As part of the security features of using a VPN, discuss the use of firewalls and the rules they apply.

This section of the report should be approximately SIX HUNDRED (600) words.

Task 4 - Maintaining Security

Explain any actions you would recommend for ensuring security is taken seriously across the partnership by all users and how you would monitor the effectiveness of the Information Security Management System.

This section of the report should be approximately ONE HUNDRED AND FIFTY (150) words.

Task 5

Using the Rolfe, G., Freshwater, D. and Jasper, M. (2001) model, critically review the learning that you have undertaken in order to complete this assignment.

Based upon your learning, your reflection should include a description, an analysis and an action plan in order to bring about improvements in the future.

Submission requirements

  • The report should be professionally presented, checked and proofed. In addition, the report should be presented in a format and style appropriate for your intended audience. You must also include a list of references and you must always use correct Harvard referencing and avoid plagiarism throughout your work.
  • Your answers to the tasks should be combined in a single word-processed report with an appropriate introduction. The report should be 1750 words +/- 10% in length (excluding tables).
  • Familiarise yourself with the NCC Education Academic Dishonesty and Plagiarism Policy and ensure that you acknowledge all the sources which you use in your work.
  • You must submit a paper copy and digital copy (on disk or similarly acceptable medium).
  • Media containing viruses, or media which cannot be run directly, will result in a fail grade being awarded for this module.