TicTek Inc is a small company with about a hundred employees and one facility. The company sells home security electronics online. The devices are manufactured by a third-party company and shipped to TicTek, where they are warehoused until they are purchased through the company’s website. The warehouse staff prepares and ships customer orders in the same facility that houses the office staff and management. TicTek has a few major stockholders, but the majority of the company’s stock is owned by its executives and employees. Due to the online nature of the company’s business dealings, TicTek has placed a high priority on the security of network resources, including vendor data, customer data, high availability, and incident response. Mr. Tic, the CEO, has recently requested a security proposal from the IT department to formally put into place a comprehensive security plan to keep the company’s network secure.
Technical Security Aspects
In creating an effective security policy, it is important to identify what needs to be protected and the likelihood of attack for each network device. The lifeblood of TicTek is its online sales; therefore, it is vital to protect the company’s web servers and payment processing server, bearing in mind confidentiality, integrity, and availability. A vulnerability assessment will need to be conducted before and after technical security measures are in place to identify specific network vulnerabilities. According to Joseph Migga Kizza (2011), “Vulnerability assessment is a periodic process that works on a system to identify, track, and manage the repair of vulnerabilities on the system” (p. 139). Thereafter, a vulnerability assessment will be scheduled every six months to identify any new threats to the network. The network and its servers will be protected by the use of an intrusion detection system (IDS), firewalls, and anti-malware programs.
Firewalls will be placed between the web servers and the outer edge of the network, facing the Internet. Such a configuration, called a demilitarized zone (DMZ), will provide an additional layer of defense against a network breach. If the web servers are compromised, there will be an additional barrier between them and the intranet. The firewalls will be configured to deny everything by default, and then only the ports that are needed for the functioning of the network will be allowed. For the sake of expense and administrative simplicity, the firewall will be a stateful packet filter firewall, as opposed to an application proxy firewall, which would offer higher security and configurability at the expense of administrative complexity due to the need for a proxy for each application in use by the company. The packet filtering firewall filters traffic based on predefined rules.
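The deny-everything-then-allow policy and the stateful behaviour described above can be seen in a small model. This is an added example, not part of the original proposal; the zone names, the allowed port 443, and all addresses are constructed assumptions.

```python
# Added illustration: a minimal model of a default-deny, stateful packet filter.
# Zone names, ports and addresses are assumptions, not TicTek's real values.
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str
    dst_zone: str
    src: str      # "ip:port"
    dst: str      # "ip:port"
    new: bool     # True when the packet tries to open a new connection

# Explicit allow rules: (source zone, destination zone, destination port).
# Anything not listed here is dropped (default deny).
ALLOW = {
    ("internet", "dmz", 443),       # customers reach the web servers over HTTPS
    ("intranet", "dmz", 443),       # staff reach the same web servers
    ("intranet", "internet", 443),  # staff browse outbound
}

class StatefulFilter:
    def __init__(self, allow):
        self.allow = allow
        self.state = set()          # accepted flows, stored as (src, dst)

    def check(self, p: Packet) -> str:
        # Packets of a flow already accepted pass in either direction without a rule.
        if not p.new and ((p.src, p.dst) in self.state or (p.dst, p.src) in self.state):
            return "accept"
        port = int(p.dst.rsplit(":", 1)[1])
        if p.new and (p.src_zone, p.dst_zone, port) in self.allow:
            self.state.add((p.src, p.dst))
            return "accept"
        return "drop"               # default deny: no rule and no state

def demo():
    fw = StatefulFilter(ALLOW)
    web, client, db = "192.0.2.10:443", "198.51.100.7:51000", "10.0.0.5:5432"
    return [
        fw.check(Packet("internet", "dmz", client, web, True)),             # new HTTPS
        fw.check(Packet("dmz", "internet", web, client, False)),            # its reply
        fw.check(Packet("internet", "dmz", client, "192.0.2.10:22", True)), # port not allowed
        fw.check(Packet("dmz", "intranet", "192.0.2.10:40000", db, True)),  # DMZ to intranet
        fw.check(Packet("internet", "intranet", client, db, False)),        # unsolicited
    ]

if __name__ == "__main__":
    print(demo())
```

The fourth case is the one the DMZ exists for: a web server that has been taken over still cannot open a connection into the intranet, because no rule permits it and no existing flow covers it.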
A network-based IDS will be used on all network subnets, and the system will be anomaly-based. An anomaly-based IDS is preferable for its ability to detect zero-day attacks. With a signature...