1. WHAT WE ARE & WHAT WE DO
(Slide 3)
ABC Worldwide: Leading video editing
and advertising Co.
6 Worldwide Design Centers
Headquartered in San Francisco, CA.
Services we provide:
-Corporate videos
-Commercials
-Movie films and trailers
-Web sites
2. Background and Development
(Slide 4)
In 2014 our talented team formed as
a creative collaboration between
long-time friends who decided to
start up a multimedia company, with
a mission to satisfy our clients and
customers’ needs.
3. Company Information (Slide 5)
Name: ABC Worldwide
Address: 600 Ruth Ave, San Francisco,
CA 94107
Phone: (415) 552-0000, Fax: (415) 552-0001
Annual Sales: $450 Million
Employees: 1560
Employees at Headquarters: 300
Primary Business: Video Editing &
Advertising
4. NETWORK CRITERIA (SLIDE 7)
Redundancy:
If one part of the network goes down its twin will
automatically take over.
Separation:
If one area of the network is compromised, then the rest of
the network is still sealed off.
Speed:
We value our client’s time and the productivity of our
employees. We strive to provide the tools to use both as
efficiently as possible.
Scalability:
The modular layout of the network will allow easy addition of
network equipment to seamlessly facilitate our growth.
Testing and Quarantine:
Our network will have a safe environment to quarantine and
evaluate malware and test new operating systems and drivers
for any possible problems before being deployed throughout
the network.
5. WIDE AREA NETWORK (SLIDE 8)
What the WAN is:
The WAN consists of a Headquarters and Main Design center in a single
building in San Francisco. Five other Main Design centers will be
located in Detroit, Tampa, Sao Paulo, Paris and Tokyo. Three separate
sales branches will be located in Washington, Indianapolis and London.
A Data Center will also be located as near to the Headquarters as
possible.
How the WAN will communicate:
The WAN will communicate using two technologies. The Main Design
Centers will communicate with the Headquarters using Point To Point
connections while the separate sales branches will use VPN (Virtual
Private Network) technology to communicate.
All the buildings will be located in areas with fiber optic service to the
extent possible. This will facilitate communication on a SONET
(Synchronous Optical Network) with download speeds of 100 Mb/s to
300 Mb/s depending on Internet Service Provider options.
Subnets:
All of the Design Centers and branches will be on their own IP subnets.
6. FORWARD FACING NETWORK (SLIDE 9)
Router:
The router will be completely isolated by firewalls on all sides.
This will include insulation from both the Internet as well as all
network devices.
Network Separation:
The network devices such as servers and the SAN will be
further isolated from the workstations and their switches. The
Active Directory domain controller will also be separated from
the SAN, because the Active Directory domain controller will be
hosting the VPN. Any security breach will be kept isolated from
the rest of the network.
Redundancy:
All routers, firewalls and servers will be duplicated and linked
together in the event that one goes out.
Speed:
All of the cabling in the network will be 10BASE-T Cat 6. This
will support a bandwidth of 10 Mb/s. The SAN components will
be linked together with fiber.
7. CLIENT FACING NETWORK (SLIDE 10)
Network Separation:
The client facing switches will be separated from the router and the servers.
Redundancy:
All switches will be duplicated and linked together in the event that one goes
out.
Speed:
All of the cabling between the switches and the workstations will be 10BASE-T Cat 6.
This will support a bandwidth of 10 Mb/s.
VTP (VLAN Trunking Protocol):
The client switches will be trunked over to the server switches where data
can go either to the servers or out into the internet.
Using VTP will reduce the amount of administration needed to set up,
configure and maintain the switches. All of these tasks will be done on the
VTP server switches and replicated to all of the client switches. All of the
switches will be layer three, allowing for independent VLANs for Voice over IP,
data, and a separate VLAN for clients and vendors who may need access to
the network.
The IT staff will also have a dedicated VLAN. IT will be on VLAN 0
while VoIP will be on VLAN 10, Data on VLAN 20 and Clients/Vendors will use
VLAN 30. This will add extra security as well.
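The trunk between the client switches and the server switches carries frames for several VLANs at once, and the switches tell them apart by the 802.1Q tag in each frame. The following Python example, added here and not part of the slide deck, parses that tag from a raw Ethernet frame and emulates the pruning a trunk port applies: frames tagged with one of the four VLANs from the plan are forwarded, untagged frames and unknown VLAN IDs are dropped. The sample frames and MAC addresses are constructed; the assumption that the trunk carries exactly the four planned VLANs is mine.

```python
import struct

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q VLAN tag

# VLAN plan from the slide. Note: VID 0 is reserved in 802.1Q for priority-tagged
# frames that carry no VLAN, so a production design would give IT a non-zero ID;
# the slide's assignment is mapped literally here.
VLAN_NAMES = {0: "IT", 10: "VoIP", 20: "Data", 30: "Client/Vendor"}
TRUNK_ALLOWED = set(VLAN_NAMES)  # assumption: the trunk carries exactly these VLANs


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, vid, priority, ethertype, payload).

    vid and priority are None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = priority = None
    offset = 14
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority = tci >> 13          # 3-bit PCP field
        vid = tci & 0x0FFF            # 12-bit VLAN identifier
        offset = 18
    return dst, src, vid, priority, ethertype, frame[offset:]


def trunk_decision(frame: bytes) -> str:
    """Emulate VLAN pruning on the client-to-server trunk: forward only tagged
    frames whose VLAN is in the plan, drop everything else."""
    _, _, vid, _, _, _ = parse_frame(frame)
    if vid is None:
        return "drop: untagged frame on trunk"
    if vid not in TRUNK_ALLOWED:
        return f"drop: VLAN {vid} is not in the plan"
    return f"forward: VLAN {vid} ({VLAN_NAMES[vid]})"


def build_frame(vid=None, priority=0) -> bytes:
    """Constructed sample frame: broadcast destination, a made-up source MAC, an
    optional 802.1Q tag, then an IPv4 ethertype and a dummy 20-byte payload."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    if vid is not None:
        tci = (priority << 13) | (vid & 0x0FFF)
        header += struct.pack("!HH", ETH_P_8021Q, tci)
    return header + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19


if __name__ == "__main__":
    for sample in (build_frame(10), build_frame(30, priority=5), build_frame(99), build_frame()):
        print(trunk_decision(sample))
```

The priority bits are parsed as well because the Quality of Service ordering described later in the deck (voice before data) is carried in that same tag.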
8. NETWORK INFRASTRUCTURE WITH SAN (SLIDE 11)
Network Separation:
The SAN will be isolated from the rest of the network. The Active
Directory domain controller will also be separated from the SAN,
because the Active Directory domain controller will be hosting the
VPN. Any security breach will be kept isolated from the rest of the
network.
Redundancy:
All servers and switches will be duplicated and linked together in
the event that one goes out. All servers will be RAID 5, which will
stripe data with parity over sets of three hard drives. The SAN
servers will be set up on RAID 10, striping and mirroring, and will use
sets of 4 hard drives. In addition, a tape server will provide data
backup.
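The redundancy claim for RAID 5 rests on a simple property: the parity block is the XOR of the data blocks in a stripe, so any one missing block can be rebuilt by XORing the survivors. The Python example below, added here and not taken from the deck, lays a stripe across a three-drive set with rotating parity, rebuilds a lost drive, and compares usable capacity with the four-drive RAID 10 sets planned for the SAN. The data blocks and drive sizes are constructed sample values.

```python
from functools import reduce
from operator import xor


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks: the RAID 5 parity function."""
    length = len(blocks[0])
    if any(len(b) != length for b in blocks):
        raise ValueError("all blocks in a stripe must be the same length")
    return bytes(reduce(xor, column) for column in zip(*blocks))


def write_stripe(data_blocks, stripe_no, drives=3):
    """Lay one stripe out across `drives` drives: drives-1 data blocks plus one
    parity block, with the parity drive rotating by stripe number as RAID 5 does.
    Returns a list indexed by drive number."""
    if len(data_blocks) != drives - 1:
        raise ValueError(f"a {drives}-drive stripe holds {drives - 1} data blocks")
    parity_drive = stripe_no % drives
    parity = xor_blocks(data_blocks)
    layout, data = [], iter(data_blocks)
    for drive in range(drives):
        layout.append(parity if drive == parity_drive else next(data))
    return layout


def rebuild(stripe_layout, failed_drive):
    """Recover the block that lived on `failed_drive` from the survivors. Because
    parity is XOR, the same operation recovers a data block or the parity block."""
    survivors = [b for i, b in enumerate(stripe_layout) if i != failed_drive]
    return xor_blocks(survivors)


def raid10_mirror_sets(drives=4):
    """Pair drives into mirrors the way a 4-drive RAID 10 set does: stripe across
    the pairs, mirror within each pair."""
    if drives % 2:
        raise ValueError("RAID 10 needs an even number of drives")
    return [(d, d + 1) for d in range(0, drives, 2)]


def usable_capacity(drive_size_gb, drives, level):
    """Capacity left for data after redundancy (assumes equal-size drives)."""
    if level == "raid5":
        return drive_size_gb * (drives - 1)
    if level == "raid10":
        return drive_size_gb * len(raid10_mirror_sets(drives))
    raise ValueError(f"unsupported level {level!r}")


if __name__ == "__main__":
    d0, d1 = b"video-frame-0001", b"video-frame-0002"   # constructed data blocks
    stripe = write_stripe([d0, d1], stripe_no=0)
    print("drive 1 lost, rebuilt:", rebuild(stripe, 1))
    print("usable GB, 3 x 2000 GB RAID 5:", usable_capacity(2000, 3, "raid5"))
    print("usable GB, 4 x 2000 GB RAID 10:", usable_capacity(2000, 4, "raid10"))
```

Either layout survives a single drive failure; RAID 5 gives more usable space from three drives, RAID 10 avoids the parity computation on every write, which is why the busier SAN servers get RAID 10 and the tape backup covers the case where a second drive fails before the rebuild finishes.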
Speed:
All of the cabling between the devices in the SAN and the network
will be multimode fiber. Although multimode fiber has the same
speed as Cat 6, 10 Mb/s, the extra bandwidth in fiber means that
more signals can be simultaneously sent at one time. Due to the
expense, the rest of the network will not be utilizing the technology
at this time.
9. VIRTUALIZATION (SLIDE 12)
Network Separation:
The servers carrying Hyper-V will be firewall separated from
the rest of the network. In addition to physical separation,
logical separation will be done using Microsoft Hyper-V. VMware
is another popular virtualization product; however, Hyper-V is
made by the same corporation as the server software and will have
no compatibility issues. If a virus completely corrupts a virtual
server it can simply be deleted and another one re-created from the
last known good configuration, or mirrored over.
Redundancy:
The physical servers containing the Hyper-V servers will be
duplicated and linked together in the event that one goes out.
Testing:
Instances of all company used software can be set up and
tested on Hyper-V. Operating systems and drivers can be
deployed and studied as well as used to quarantine viruses.
10. DHCP SCOPE (SLIDE 13)
Headquarters:
IP addresses scope for Headquarters will be 10.60.10.01/16 to 10.60.14.254/16
10.60.10.01 to 10.60.10.10 will be reserved for routers.
10.60.10.11 to 10.60.10.254 will be reserved for servers, switches, firewalls and
WAPs.
10.60.11.01 to 10.60.11.254 will be set aside for printers and other
peripheral devices.
10.60.12.01 to 10.60.14.254 will be dynamically assigned.
Design Centers:
IP addresses will go from 10.60.16/16 forward on intervals of 5 in the third octet.
10.60.16.01 to 10.60.16.10 will be reserved for routers.
10.60.16.11 to 10.60.16.254 will be reserved for servers, switches, firewalls and WAPs
10.60.17.01 to 10.60.17.254 will be set aside for printers and other peripheral devices.
10.60.18.01 to 10.60.20.254 will be dynamically assigned
Sales Offices:
IP addresses will go from 10.60.50/16 forward on intervals of 5 in the third octet.
10.60.50.01 to 10.60.50.100 will be reserved for routers, switches, WAPs and printers.
10.60.50.101 to 10.60.50.254 will be dynamically assigned.
Initially sales offices will be separated by intervals of 5 on the third octet but new sales
offices can be inserted in between those intervals if necessary.
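The scope rules above are easy to get wrong by hand once there are five design centers and a growing number of sales offices, so the following Python example, added here and not part of the deck, generates every range from the rules as stated (headquarters fixed, design centers from third octet 16 in steps of 5, sales offices from 50 in steps of 5), checks that no two ranges overlap, and maps an arbitrary address back to its site and role. The leading-zero octets on the slide are written in normal dotted form; the site names come from the WAN slide.

```python
import ipaddress
from dataclasses import dataclass

SITE_NETWORK = ipaddress.ip_network("10.60.0.0/16")   # all scopes live in this /16


@dataclass(frozen=True)
class Range:
    site: str
    role: str
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address

    def __contains__(self, addr):
        return self.first <= addr <= self.last

    def overlaps(self, other):
        return self.first <= other.last and other.first <= self.last


def _range(site, role, first, last):
    return Range(site, role, ipaddress.ip_address(first), ipaddress.ip_address(last))


def headquarters_plan():
    return [
        _range("HQ", "routers", "10.60.10.1", "10.60.10.10"),
        _range("HQ", "infrastructure", "10.60.10.11", "10.60.10.254"),
        _range("HQ", "printers", "10.60.11.1", "10.60.11.254"),
        _range("HQ", "dynamic", "10.60.12.1", "10.60.14.254"),
    ]


def design_center_plan(name, index):
    """Design centers start at third octet 16 and are spaced 5 apart."""
    o = 16 + 5 * index
    return [
        _range(name, "routers", f"10.60.{o}.1", f"10.60.{o}.10"),
        _range(name, "infrastructure", f"10.60.{o}.11", f"10.60.{o}.254"),
        _range(name, "printers", f"10.60.{o + 1}.1", f"10.60.{o + 1}.254"),
        _range(name, "dynamic", f"10.60.{o + 2}.1", f"10.60.{o + 4}.254"),
    ]


def sales_office_plan(name, index):
    """Sales offices start at third octet 50, spaced 5 apart, one block each."""
    o = 50 + 5 * index
    return [
        _range(name, "reserved", f"10.60.{o}.1", f"10.60.{o}.100"),
        _range(name, "dynamic", f"10.60.{o}.101", f"10.60.{o}.254"),
    ]


DESIGN_CENTERS = ["Detroit", "Tampa", "Sao Paulo", "Paris", "Tokyo"]
SALES_OFFICES = ["Washington", "Indianapolis", "London"]


def full_plan():
    plan = headquarters_plan()
    for i, city in enumerate(DESIGN_CENTERS):
        plan += design_center_plan(city, i)
    for i, city in enumerate(SALES_OFFICES):
        plan += sales_office_plan(city, i)
    return plan


def find_overlaps(plan):
    """Pairs of ranges sharing an address; an empty list means the plan is consistent."""
    return [(a, b) for i, a in enumerate(plan) for b in plan[i + 1:] if a.overlaps(b)]


def classify(address, plan=None):
    """Map an address to (site, role); ('unassigned', 'unassigned') if no range covers it."""
    addr = ipaddress.ip_address(address)
    if addr not in SITE_NETWORK:
        raise ValueError(f"{address} is outside {SITE_NETWORK}")
    for r in (plan if plan is not None else full_plan()):
        if addr in r:
            return r.site, r.role
    return "unassigned", "unassigned"


if __name__ == "__main__":
    plan = full_plan()
    print("overlaps:", find_overlaps(plan))
    for probe in ("10.60.13.77", "10.60.21.5", "10.60.55.150", "10.60.45.1"):
        print(probe, "->", classify(probe, plan))
```

Running the overlap check also shows why the spacing matters: the fifth design center ends at 10.60.40.x and the first sales office begins at 10.60.50.x, so the gap between them is where new design centers can be added without renumbering.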
11. SALES WORKGROUPS (SLIDE 14)
Network:
All employees will be on WiFi. Two Wireless Access Points will be connected
by Ethernet to a central router. In the office all employees will communicate
with each other in an “ad-hoc” configuration with the router acting as the
hub in a star topology.
All DNS, DHCP and NAT functions will be provided by the router.
Mobility:
Sales employees are constantly on the go. Therefore they will be issued, in
addition to a laptop, a smart phone. Their smart phone service will include a
hot spot for their laptops so they can access the internet anywhere there is
cell service.
Security:
All sales staff will be on a VPN.
Hot Spot Device:
Employees will be issued the iPhone 6s. We have to throw Apple a bone
somewhere. The service provider will be AT&T with the built in hot spot.
12. NETWORK SECURITY (SLIDE 50)
What Network Security IS:
Network security is any activity designed to protect the network. These activities protect the
usability, reliability, integrity and safety of the network and its data. What are the threats to a
network? After defining network security, the first part of our discussion will cover the company
policies and procedures that must be followed in order to protect the company; the second part
will cover software security; and the last part will cover company hardware policies.
What threats to a Network are:
There are many kinds of threats that try to enter and spread across the network. Today's
internet threats are sophisticated, hence the need for adequate security to stop
them.
There are different kinds of network security threats.
These include viruses, Trojan horses, spyware, adware, zero-day attacks, hacker attacks,
denial of service attacks, data interception and theft, and identity theft. We need to be able to
detect, protect against and respond to these ever-changing threats.
Hardware Policies:
Hardware policies must be implemented to keep people from gaining access to devices they
have no authorization to have access to. These security policies also cover protecting areas of
the building where extremely important devices are located and contingencies for device
malfunction and catastrophic damage to network components.
13. Password Policy (Slide 51)
-Minimum 10 characters. (Password Length)
-A minimum of one number, one letter, one capital letter and one
special character. (Complexity)
-Password must be reset every three months. (Life of Password)
-After three unsuccessful attempts the login will be locked and a
supervisor will have to unlock the account.
(Password Lockout Policy)
-Properly use privileges and permissions: Every computer or
every OS has users with different levels of permissions and
privileges. The main user is the administrator, or the root
account in UNIX or Linux.
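The four password rules above (length, complexity, lifetime, lockout) are the kind of policy that is best expressed as code so that every system enforces the same thing. The Python example below, added here and not from the deck, implements them: a complexity check that reports every rule a candidate password breaks, an account that stores only a salted PBKDF2 hash, a three-strikes lockout that only a supervisor action clears, and an expiry check. "Every three months" is taken as 90 days and the PBKDF2 work factor is an assumption; the usernames and passwords are constructed.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 10
MAX_FAILED_ATTEMPTS = 3
PASSWORD_LIFETIME = timedelta(days=90)   # "every three months" taken as 90 days (assumption)
PBKDF2_ROUNDS = 100_000                  # assumption; any modern password KDF would do


def check_complexity(password: str):
    """Return the policy rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length: fewer than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("complexity: no number")
    if not any(c.isalpha() for c in password):
        problems.append("complexity: no letter")
    if not any(c.isupper() for c in password):
        problems.append("complexity: no capital letter")
    if not any(c in string.punctuation for c in password):
        problems.append("complexity: no special character")
    return problems


class Account:
    """Tracks a salted password hash, its age, and the three-strikes lockout."""

    def __init__(self, username: str):
        self.username = username
        self.salt = self.digest = None
        self.password_set_on = None
        self.failed_attempts = 0
        self.locked = False

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def set_password(self, password: str, today: date):
        """Apply the policy; returns the list of violations (empty on success)."""
        problems = check_complexity(password)
        if problems:
            return problems
        self.salt = os.urandom(16)
        self.digest = self._hash(password, self.salt)
        self.password_set_on = today
        return []

    def password_expired(self, today: date) -> bool:
        return today - self.password_set_on >= PASSWORD_LIFETIME

    def login(self, password: str, today: date) -> str:
        """Returns 'locked', 'failed', 'expired' or 'ok'."""
        if self.locked:
            return "locked"
        if not hmac.compare_digest(self._hash(password, self.salt), self.digest):
            self.failed_attempts += 1
            if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
                self.locked = True
                return "locked"
            return "failed"
        self.failed_attempts = 0
        return "expired" if self.password_expired(today) else "ok"

    def supervisor_unlock(self):
        """Only a supervisor action clears the lockout; the counter restarts."""
        self.locked = False
        self.failed_attempts = 0


if __name__ == "__main__":
    acct = Account("editor01")                       # constructed account
    print(acct.set_password("Video-Edit-2016!", date(2016, 1, 4)))
    for attempt in ("wrong", "wrong", "wrong", "Video-Edit-2016!"):
        print(attempt, "->", acct.login(attempt, date(2016, 2, 1)))
```

Note that a locked account rejects even the correct password until the supervisor unlocks it, which is exactly the behaviour the lockout rule describes; the expiry result still counts as a successful authentication so the user can be routed to a password change rather than treated as a failed attempt.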
14. Software Deployment Policy: (Slide 52)
Deployment of Operating Systems and Applications:
All Operating Systems and applications will be deployed
from the server rather than on the individual computer.
Virtual Servers Testing:
Before being put on the server for deployment, all new
and upgraded operating systems, applications and
antivirus software will be tested on the virtual server
beforehand.
Where Antivirus Software is Installed:
Antivirus software will be installed on all company servers
and workstations.
Company provided smart phones will not give employees
the ability to download applications.
15. Antivirus Specifications: (Slide 53)
Reporting:
Software will generate a report of any incidents to the IT
manager. IT will have the discretion as to reporting only
successful or successful and failed attempts.
Types:
Install anti-spyware and anti-malware software (spyware is software that collects
information about user names, passwords, etc.).
Site Advisor:
We will keep a database of all the known and reported web
sites with potential problems.
Alerts will be sent out when attempts to access these websites
are made.
Norton Security:
Norton security will be used on all workstations to keep viruses
from corrupting files and bringing down the Operating System.
16. Hardware: (Slide 54)
Firewalls:
Firewalls must have the ability to block ports as prescribed by the IT department.
Firewall separation:
Firewalls will be used to separate the forward facing network from the internet, the
workstations from the SAN and the SAN from the servers hosting the Hypervisor.
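The separation rules in this slide and in the earlier network-separation slides (router isolated from everything, workstations kept away from the SAN, SAN kept away from the Hypervisor servers and from the VPN-hosting domain controller) amount to a zone matrix with a default-deny policy between zones. The Python example below, added here and not part of the deck, writes the design down as an explicit allow-list, evaluates constructed flow records against it, and audits the allow-list itself against the pairs the slides say must stay apart, so a rule that quietly reopens a forbidden path is caught before it reaches a firewall. Zone names, service labels and the specific allowed flows are assumptions.

```python
ZONES = {"internet", "forward_facing", "workstations", "servers", "san", "hypervisor", "ad_dc"}

# Allow-list of (source zone, destination zone, service). Everything not listed is
# denied. The entries are assumptions chosen to match the slides' separation rules;
# real ACLs would name ports and protocols rather than service labels.
ALLOW = {
    ("workstations", "servers", "file-share"),
    ("workstations", "servers", "dns"),
    ("workstations", "ad_dc", "ldap"),
    ("workstations", "forward_facing", "web-proxy"),
    ("forward_facing", "internet", "https"),
    ("internet", "ad_dc", "vpn"),            # the AD domain controller hosts the VPN
    ("servers", "san", "storage"),
    ("hypervisor", "servers", "backup"),
}

# Zone pairs the slides say must stay separated, in both directions.
FORBIDDEN_PAIRS = {
    frozenset({"workstations", "san"}),
    frozenset({"san", "hypervisor"}),
    frozenset({"ad_dc", "san"}),
    frozenset({"internet", "workstations"}),
    frozenset({"internet", "san"}),
    frozenset({"internet", "servers"}),
}


def evaluate(src, dst, service, allow=ALLOW):
    """Default-deny decision for one flow crossing from src zone to dst zone."""
    for zone in (src, dst):
        if zone not in ZONES:
            raise ValueError(f"unknown zone {zone!r}")
    if src == dst:
        return "allow"   # intra-zone traffic never crosses a firewall (assumption)
    return "allow" if (src, dst, service) in allow else "deny"


def audit(allow=ALLOW, forbidden=FORBIDDEN_PAIRS):
    """Rules that would let traffic cross a pair the design says to keep apart."""
    return sorted(rule for rule in allow if frozenset(rule[:2]) in forbidden)


def filter_log(lines, allow=ALLOW):
    """Decide each 'src dst service' flow record; returns (record, decision) pairs."""
    decisions = []
    for line in lines.strip().splitlines():
        src, dst, service = line.split()
        decisions.append((line, evaluate(src, dst, service, allow)))
    return decisions


# Constructed flow records, one per line: source zone, destination zone, service.
SAMPLE_FLOWS = """
workstations servers file-share
workstations san storage
internet ad_dc vpn
internet workstations rdp
hypervisor san storage
"""

if __name__ == "__main__":
    print("policy violations:", audit())
    for record, decision in filter_log(SAMPLE_FLOWS):
        print(f"{decision:5}  {record}")
```

The audit function is the part worth keeping: every time the allow-list changes, running it against the forbidden pairs checks the change against the design intent rather than against whatever the current firewall happens to permit.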
WAP:
The Wireless Access Points will have their broadcast turned off.
WAPs will be on a separate LAN.
Once installed any factory WAP credentials will be changed.
Routers:
Routers will have their broadcast turned off.
Routers will have WPA2 encryption using the AES encryption protocol.
Only secure ports including Secure Sockets Layer will be used.
Switches:
Quality of Service will put priority on Voice followed by Data and then Video. This will be
accomplished through separate LANs. Any factory set passwords on the switch will be
changed.
Proxy Server:
Proxy servers will be used to filter accessible web sites, obtain credentials from employees
before going to the internet, monitor bandwidth usage and have their own antivirus software
installed.
Site Advisor will be installed to block access to known bad sites.
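The proxy requirements above (credentials before internet access, bandwidth monitoring) and the Site Advisor requirement from the antivirus slide (a database of reported sites, with an alert on every attempt to reach one) can all be satisfied from the proxy's access log. The Python example below, added here and not part of the deck, runs those checks over a constructed log: it flags requests made without credentials, flags any request to a listed site or one of its subdomains, and totals bytes per user. The log format, the user names and the blocked domains are all constructed for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed "Site Advisor" style database of reported sites (not real domains).
BLOCKED_SITES = {"malware-sample.example", "phish-login.example"}

# Constructed proxy access log: time, user ("-" when no credentials were presented),
# client IP, requested URL, HTTP status, bytes transferred.
SAMPLE_LOG = """\
2016-03-01T09:02:11 jdoe 10.60.12.17 https://www.example.com/ 200 5321
2016-03-01T09:05:42 asmith 10.60.12.40 http://download.malware-sample.example/tool.exe 403 0
2016-03-01T09:07:03 - 10.60.12.88 http://www.example.org/ 407 0
2016-03-01T09:09:15 jdoe 10.60.12.17 https://cdn.example.net/video.mp4 200 8400000
2016-03-01T09:12:30 asmith 10.60.12.40 https://phish-login.example/account 403 0
"""


def site_blocked(host, blocklist=BLOCKED_SITES):
    """True when the host is a listed site or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


def parse_line(line):
    ts, user, client, url, status, size = line.split()
    return {"time": ts, "user": user, "client": client, "url": url,
            "host": urlsplit(url).hostname or "", "status": int(status), "bytes": int(size)}


def analyze(log_text, blocklist=BLOCKED_SITES):
    """Return (alerts, bytes_per_user): one alert per blocked-site attempt or
    unauthenticated request, plus per-user bandwidth totals."""
    alerts, usage = [], defaultdict(int)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        usage[rec["user"]] += rec["bytes"]
        if rec["user"] == "-":
            alerts.append(f'{rec["time"]} unauthenticated request from {rec["client"]} to {rec["host"]}')
        if site_blocked(rec["host"], blocklist):
            alerts.append(f'{rec["time"]} {rec["user"]} ({rec["client"]}) attempted listed site {rec["host"]}')
    return alerts, dict(usage)


if __name__ == "__main__":
    found, totals = analyze(SAMPLE_LOG)
    print("\n".join(found))
    print("bytes per user:", totals)
```

Suffix matching on the host (rather than substring matching) matters: it catches subdomains of a listed site without also flagging an unrelated domain that merely ends in the same characters.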
17. ACCEPTABLE USE POLICY: (Slide 55)
Properly use privileges and permissions:
Every computer or every OS has users with different levels of permissions and privileges. The
main user is the administrator, or the root account in UNIX or Linux.
Under the main administrator account, create a hierarchy of user accounts with different
levels of permissions and authorizations.
Web Browsers:
Web browsers and Internet Explorer: Web browsers are programs that we use to access web
pages, such as Google Chrome, Firefox, Internet Explorer and Apple Safari. The risk with Internet
Explorer is that it allows you not only to surf the net but also to connect to other computers
in a way that other web browsers don't. Therefore it will be easy for a hacker to connect to
your computer through Internet Explorer.
Secured session:
Enforce time and date restrictions: allow connections to the server only at specified times and dates.
For instance, only allow connections to the network between 7 am and 10 am. Also set a limit on
the session; for instance, the session will automatically log off after 5 minutes of inactivity.
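Both halves of the secured-session rule, the login window and the idle timeout, are shown in the Python example below, which is added here and is not from the deck. It replays a constructed sequence of login and request events through a session object and records which ones the policy accepts; the 7 am to 10 am window and the 5-minute idle limit are the slide's own figures, and the timestamps are constructed.

```python
from datetime import datetime, time, timedelta

LOGIN_WINDOW = (time(7, 0), time(10, 0))   # connections accepted only in this window
IDLE_TIMEOUT = timedelta(minutes=5)        # log off after this much inactivity


def login_allowed(when: datetime) -> bool:
    """Time-of-day check for new connections (window bounds inclusive)."""
    return LOGIN_WINDOW[0] <= when.time() <= LOGIN_WINDOW[1]


class Session:
    def __init__(self, user: str, started: datetime):
        self.user, self.last_activity, self.active = user, started, True

    def request(self, now: datetime) -> str:
        """Record activity, or log the session off if it has been idle too long."""
        if not self.active:
            return "logged-off"
        if now - self.last_activity > IDLE_TIMEOUT:
            self.active = False
            return "logged-off: idle"
        self.last_activity = now
        return "ok"


def replay(events, user="sales01"):
    """events: (timestamp, 'login' | 'request') pairs; returns one decision per event."""
    session, decisions = None, []
    for ts, action in events:
        if action == "login":
            if login_allowed(ts):
                session = Session(user, ts)
                decisions.append("login ok")
            else:
                decisions.append("login denied: outside window")
        else:
            decisions.append(session.request(ts) if session else "no session")
    return decisions


# Constructed event sequence for one user on one morning.
SAMPLE_EVENTS = [
    (datetime(2016, 3, 1, 6, 55), "login"),     # too early
    (datetime(2016, 3, 1, 8, 0), "login"),      # inside the window
    (datetime(2016, 3, 1, 8, 3), "request"),
    (datetime(2016, 3, 1, 8, 7), "request"),
    (datetime(2016, 3, 1, 8, 15), "request"),   # 8 minutes idle
    (datetime(2016, 3, 1, 8, 16), "request"),   # session already gone
]

if __name__ == "__main__":
    for (ts, action), decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(ts.strftime("%H:%M"), action, "->", decision)
```

The idle timer is measured between consecutive requests rather than from login, so a user who keeps working never trips it, while a workstation left unattended does.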
Hardware Policies:
Only authorized personnel will have access to equipment. All workstations will remain
locked when the employee leaves their area.
The server room and computer closet shall remain locked at all times.
No network devices other than company issued mobile devices shall be taken out of the
building without express permission from IT management. They must be first checked in
with IT before being put back into the network.
19. PRIVILEGES AND PERMISSIONS: (Slide 57)
Consumer:
Search, view and copy documents.
Contributor:
Create documents and folders, Modify documents and
VDs.
Coordinator:
Create cabinets and VD, view hidden documents.
System Administrator:
Access and Manage content servers, Repository, Users
and Groups.
20. COMPANY:
-ITWatchdogs.com
WHAT IS MONITORED:
-Temperature, Humidity, Leaks, Smoke, Power, 5V
Analogue/Sensor Changes.
How Anomalies are Logged:
-SNMP, Audible Alarms, Output Relays, email
alarms, Text messages.
Surveillance:
-Up to 4 IP cameras can be monitored.
Configuration:
-Any sensor can be configured to your choice.
21. CompuCom:
-Look for outages
-Analyze multiple calls coming in from the facility:
-Monitor and alert in case of fiber break.
-Monitor when server room doors have been opened.
-Issue tickets to log events and monitor trends.
22. AT&T:
-Access & Secure vulnerable files
-Respond to suspicious activity
-Ensure device health all the way to tier 3
-Analyze security breaches and send alerts.