Operating System Security – Case Study on Network
We were given a case study and we had to write security policies and design a network architecture to provide security to the internal and external network.
You have been named the CIO for a regional retail company which has 17 stores and its own distribution network with five warehouses. Your responsibility is to come up with a plan for the network infrastructure, which includes number of servers, network security devices, desktops, laptops and handheld devices. The plan should be carefully crafted to show all the necessary details in crafting the security policies, and mechanisms to enforce the policies for the IT of the retail company. An understanding of the security issues the company is facing in order to conduct its business has to be reflected in the security aspects of the infrastructure (you should justify why a security measure is taken and how it will affect the business of the retail company).
The retail company has 17 locations within Northeast region of the United States and five warehouses. There is also the headquarters, which is located in an adjacent building to one of the warehouses. The store network consists of a main site, a backup site and 22 sites, one for each store and warehouse. All the store and warehouse sites are connected to the main site as individual networks. The store sites need to have access to the central database of the firm besides their own databases. Each of the stores has roughly 30 employees except for the headquarters which has 100. The warehouses have 50 employees each, 30 of which are delivering and installing products at the customer residence. These employees work in teams of two, use trucks and have mobile access to the base warehouse through an ISP. Given the nature of the business, all the employees in the stores require internet access. Email services are required as well. The store uses customized software to interface to the databases and has a web interface to interact with the customers. Each store and warehouse has its own database but periodically the information from this database updates the main database. However, the management, which is located at the headquarters, must have access to all the information. The Human Resources department has its own database and so does the payroll department. Each of these departments has a staff of 10 people and does not need access to the other databases. The IT department employs roughly 30 people, 10 of which are located at the headquarters. . The software development for the bank is partly done at the headquarters by a group of 10 developers and partly outsourced to a large software development firm.
Your plans should contain detailed information of how the access to networks at the branches, at the headquarters and at the backup site will be controlled. Physical security should also be addressed. Given the diverse staff employed by the firm, it is necessary to have detailed policies regarding file access, system access, documents access, systems and network security. Choices of OS, security software and hardware have to be justified. Vulnerability analysis is also done every year.
Download Case study in doc Fromat