
Access Control Proposal Project

Access Control: IS404


By

Edward M. Funke November 28, 2011

TABLE OF CONTENTS
1 INTRODUCTION
  1.1 Project Title
  1.2 Project Schedule Summary
  1.3 Project Deliverables
  1.4 Project Guides
  1.5 Project Team Members
  1.6 Purpose
  1.7 Goals and Objectives
2 Risks and Vulnerabilities
  2.1 Overall
  2.2 Billings, Montana
  2.3 Sao Paulo, Brazil
  2.4 Warsaw, Poland
3 Proposed Budget
4 IDI Proposed Solution
  4.1 Billings, Montana
  4.2 Sao Paulo, Brazil
  4.3 Warsaw, Poland
5 Drawings
6 Conclusion

1 INTRODUCTION
1.1 Title of the project
Access Control Proposal Project

1.2 Project schedule summary


The project will be a multi-year phased approach to have all sites (except JV and SA) on the same hardware and software platforms.

1.3 Project deliverables
o Solutions to the issues that the specific location of IDI is facing
o Plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability
o Assessment of strengths and weaknesses in current IDI systems
o Address remote user and Web site users' secure access requirements
o Proposed budget for the project (hardware only)
o Prepare detailed network and configuration diagrams outlining the proposed change
o Prepare a 5 to 10 minute PowerPoint-assisted presentation on important access control infrastructure and management aspects from each location

1.4 Project Guides
o Course Project Access Control Proposal Guide
o Juniper Networks Campus LAN Reference Architecture

1.5 Project Members
o Edward M. Funke, IT Architect and IT Security Specialist
o Ricardo Gonzales, Chief Information Officer (CIO)
o Members of the Technology Staff

1.6 Purpose
This project is done in partial fulfillment of the course IS404 (Access Control, Authentication, and Public Key Infrastructure). It is a proposal for improving IDI's computer network infrastructure. This project is intended to be used by IDI's information security team to develop a plan to improve IDI's computer network infrastructure at multiple locations.

1.7 Goals and Objectives

1st Objective
o To assess the aging infrastructure and then develop a multi-year phased approach to have all sites (except for JV and SA) on the same hardware and software platforms.

2nd Objective
o The core infrastructure (switches, routers, firewalls, servers, etc.) must be capable of withstanding 10-15% growth every year for the next seven years with a three-to-four year phased technology refresh cycle.

3rd Objective
o Solutions to the issues that the specific location of IDI is facing

4th Objective
o Assessment of strengths and weaknesses in current IDI systems

5th Objective
o Address remote user and Web site users' secure access requirements

6th Objective
o Prepare detailed network and configuration diagrams outlining the proposed change

7th Objective
o Prepare a 5 to 10 minute PowerPoint-assisted presentation on important access control infrastructure and management aspects from each location.

8th Objective
o A comprehensive network design that will incorporate all submitted requirements and allow for projected growth.

9th Objective
o Final testing of all installed hardware, software, and network connectivity.

10th (Final) Objective
o Initialization of the entire network and any last-minute configuration adjustments to have the network up and operating within all specified ranges.

2 Risks and Vulnerabilities

2.1 Overall:
There is a hodgepodge of servers, switches, routers, and internal hardware firewalls. Each of the organization's locations is operating with different information technologies and infrastructure: IT systems, applications, and databases. Various levels of IT security and access management have been implemented and embedded within their respective locations. The information technology infrastructure is aging and many locations are running on outdated hardware and software. Also, the infrastructure is woefully out of date in terms of patches and upgrades, which greatly increases the risk to the network in terms of confidentiality, integrity, and availability.

2.2 Billings, Montana:

o Logisuite 4.2.2 has not been upgraded in almost 10 years. Also, over 350 modifications have been made to the core engine and the license agreement has expired. Progressive upgrading to the current version will be required. As a result, renewing this product will be extremely cost- and time-prohibitive.
o RouteSim is a destination delivery program used to simulate routes, costs, and profits. It is not integrated into Logisuite or Oracle financials to take advantage of the databases for real-time currency valuation and profit or loss projections.
o IDI's office automation hardware and software has not been standardized. Managers have too much liberty to buy what they want according to personal preferences.
o Other software problems include early versions of MS Office 5, WordPerfect 7.0, and PC-Write that are not compatible.
o Telecommunications has not been since the company moved its current headquarters 15 years ago. This has left many of the new features for telecommunications lacking and not integrated with the customer service database to improve call management efficiency. The generic system was acquired from a service provider who is now out of business.
o Policies for personal devices are being ignored by many of the executives who have local administrators install the clients on their unsupported, non-standard personal laptop computers and workstations that interface with the internet. These devices
o The original WAN was designed by in the early 2000s and has not been upgraded. During peak periods, usually between September and March, the capacity is insufficient for the organization, resulting in lost internet customers, which further reduces growth and revenue.
o Telecommunications works through a limited Mitel SX-2000 private automatic branch exchange (PABX) that only provides voice mail and call forwarding.

2.3 Sao Paulo, Brazil:


o This office is a model of standardization. No major problems found.
o Vendors are unwilling to sign service agreements.
o The VPN uses a common six-character password shared by all office personnel and the shipping and receiving departments.
o No anti-virus or anti-malware software is installed, as hackers have never attacked the location.

2.4 Warsaw, Poland:

o This is the largest office based on number of employees, strategically located to assist IDI for major growth in the Middle East and Asia, and the home portal for expansion and geographical client development, yet there is insufficient computing power to stay afloat on a day-to-day basis.
o The primary freight forwarding application is almost 10 years old and does not interface with the McCormack dodge accounting and finance system.
o There are 6 Web servers (4 are primary and 2 fail during clustered load balancing).
o The cafeteria sponsors a public wireless network running WPA (Wi-Fi Protected Access) with no password protection.
o Telecommunications is an 8-year-old Siemens Saturn series PBX, some of whose features have become faulty. The desktop phones have not been replaced or upgraded during this time.
o There is a lack of separation of duties between the network operations and the accounts receivable department, and there is evidence of nepotism and embezzlement.

4 IDI Proposed Solutions

4.1 Billings, Montana

o Consolidate 14 Hewlett-Packard (HP) Unix servers to 1 Unix server
o Upgrade 75 Microsoft (MS) Windows servers to Windows Server 2008 R2
o Upgrade MS Exchange e-mail to latest version
o Find another software vendor to replace Oracle financials for accounting and financial systems, Logisuite 4.2.2, RouteSim
o Hire developers to standardize the office automation hardware and software
o Convert telecommunications system to a VOIP system
o Design and implement a new Acceptable Use Policy (AUP)
o Upgrade WAN to a T1 MPLS to increase bandwidth

4.2 Sao Paulo, Brazil


o Sao Paulo has no major problems
o Virtualize and upgrade to Windows Server 2008
o Convert telecommunications system to VOIP
o Install anti-virus
o Train personnel on Acceptable Use Policy
o Hire additional technicians

4.3 Warsaw, Poland


o Find a new proxy server to replace the IBM Infinity hardened server
o Hire a new in-house application developer
o Convert the Siemens Saturn series PBX telecommunications system with desktop phones to a VOIP system
o Enforce the current Acceptable Use Policy (AUP)
