You have persuaded XelPharm’s CIO that wireless networking would benefit many of the company’s employees. However, he requests that you plan the network carefully and begin with a pilot network before migrating hundreds of clients to use wireless technology. You decide to begin with a pilot network in the distribution facility. The distribution facility is 200 feet long by 120 feet wide. It houses 45 employees during each shift, all on the same floor. What is your first step in planning the pilot network? As part of your later planning, draw the network, including the quantity and optimal placement of access points. What pitfalls, some unique to this environment, are you careful to avoid? What wireless standard do you recommend and why?
Case Project 11-1: Securing the LAN of a credit union (2 pts)
The security checklist should include at least following checks:
– List of physical access to the server room with access justification.
– List of people, who received the security policy, checked against the list of current employees.
– Security policy up-to-date, single entry signature sufficient, additional training course on security required?
– Remote Access Server Settings check (Policy for timeframes, password complexity, frequency of change)
– Web server settings check
– Firewall Settings check, firewall policy check
– Check for second location firewall deployment
– Second location: Restriction to physical access to the server
– Check workstation settings (central policy deployed?, correct settings restricted?)
– Standard procedure in case of security breach existing? Does it include all identified risks and the associated mitigation plans.
A good approach to a better training is to go beyond formalities. A signed security policy doesn’t mean that the people understand the importance of a secured network. A development of a separate training course in order to explain the reasons for the different aspects of the enforced security measures will lead to less security exposure and better compliance to the security policy.
Case Project 11-2: Securing the WLAN of a credit union (2 pts)
Establish encryption for the WLAN access points. The encryption deployment activities include the use of a strong encryption (wp01A or wp01A2), the change of the default network name, creation of a MAC address access restriction list. Review the physical access to the WLAN routers and ensure camera surveillance for the access points, if physical access can’t be restricted.
A separate wireless security policy should be established for employees, which will include acceptable use, antivirus, identity, password and remote access policy and email standards.
Implement a VPN solution and place the wireless network on a separate VLAN.
Case Project 11-3: Troubleshooting VPN issues (2 pts)
Requirements New Branch Office VPN Solution
Physical Access Needs to be implemented. Physical access restrictions are already implemented in the headquarter.
Internet Connection A broadband network to be rented. For 10 people the broadband network of the headquarters can be used.
Network Equipment Has to be organized. No additional costs, if VPN volume licenses are available.
Network Hardware Additional file server might be required. No additional hardware required.
Additional Laptops No cost for additional laptops. New laptops have to be leased.
Application Security Higher, because of the controlled physical location. If a laptop is lost or stolen, this is a risk to the security. Additional risk mitigation plans have to be in place.
The decision between wireless and traditional branch office is mainly on 2 factors: the scale of the network expansion (how many people will use the extended network) and on the kind of use – if the people will work mostly within the office or as travellers, they will benefit more from a remote access to the network. Based on the factors listed in the table and the intention to deploy a solution for 10 users, the VPN seems to be more cost-effective and will require less maintenance.