Name Date For the Harry & Mae Case Study, complete the asset identification and valuation for Harry & Mae, Inc. For the Harry & Mae's Case Study: Create a Risk Analysis table for the identified vulnerabilities and risks as shown in the sample. For each of Harry & Mae's critical assets, calculate the probability of each threat/vulnerability pair being exploited. For each of Harry & Mae's critical assets, determine the impact rating for each threat/vulnerability pair. For each of Harry & Mae's critical assets, calculate the risk exposure related to the identified vulnerabilities. There should be a risk exposure value for each threat/vulnerability pair that you identified in the last assignment. Sample Risk Matrix table: Asset Name Description Asset Value (1 - low, 5 - high) Personal Computers Equipped with Hard Drives and floppy drives. Used by employees. 3- Medium - especially if sensitive information is stored on hard drive. (Dependent on the user and his/her data.) Vulnerabilities Likelihood Risk Exposure Value Value (1 - low, 5 - high) (1 - low, - high) (1 - low, 5 - high) Vulnerability Threats 5 Name Date LAN Server Used by employees to store files and to run shared programs. 5- High - data loss would cost the agency significant effort to reproduce E-mail Used by employees for electronic communications and file transfer 3- Medium - e-mail enables the agency to communicat e with other agencies Assumptions: Assumption one Assumption two [NOTE: This is an example provided to help the student understand the process. It is not complete on purpose. Make sure it contains sufficient detail to help the client understand their risks. Please remove this statement if you use this document for your assignment.] Purpose: To give you experience designing a secure network infrastructure. Directions: You have been selected as a consultant to design a secure network for Harry and Mae's . To complete this project, read the scenario below and submit the required milestones when they are due. You may use any resources, including books, the Internet, and other appropriate sources to complete this project. Remember to cite your sources. The project is complete when you have submitted all five milestones. Please note that this scenario is based on a fictitious company, and any similarity to a real company or real people, present or past, is coincidental and unintentional. Scenario: Harry and Mae's Inc., is a diner franchise that supports over 100 diners located in New York, New Jersey, Delaware, and Pennsylvania. Harry and Mae Pierce started the original Harry and Mae's diner with two railroad passenger cars in 1954. Since then, his children and grandchildren have transformed the company from a single restaurant to a chain of restaurants, and, most recently, to a publicly traded franchise business. The franchise business provides restaurant owners with everything they need to open and run their own operation, including buildings, fixtures, restaurant products, support services, and food. The corporation resells credit card payment processing services to their business owners at competitive rates. They reimburse, up front, for credit card transactions that are funneled through their payment processing system as an incentive for franchise owners to use their service. Harry's grandson Tom Pierce is the president of the corporation, and he has hired you as a consultant to assist him with a security breach during which hackers obtained credit card data on over 25,000 restaurant customers. He wants you to identify the cause of the breach and to redesign the network to prevent a repeat occurrence. Location: Both the corporate headquarters and warehouses for Harry and Mae's are currently located at their new Windsor, PA, campus. They built the campus from the ground up at that location because it was central to their operation and both the business climate and tax structure were favorable. The campus currently employs slightly over 400 people that see to the day to day operation of their construction, distribution, and support business units. Physical security: The campus physical security system was designed by a retired Army general. Its main features include a perimeter fence, cameras, smart card access points, alarms, and a full-time security staff. Access to all buildings on campus is restricted through smart cards. The server room is a 1600 square foot building within the main headquarters building. It has climate control, an uninterruptable power supply, and a generator with enough capacity for 36 hours of uninterrupted operation. The walls, floor and ceiling are constructed of reinforced concrete and are two feet thick. In addition, the entire building is shielded against electromagnetic radiation. It has an outer set of vault doors and an inner door that is equipped with a biometric scanner. The interior of the room is equipped with fire, water, and motion sensors, as well as cameras. The sensor and video feeds from the campus are centrally monitored by a staff of three people 24 hours a day, seven days a week. Wired network Infrastructure: The wired network infrastructure consists of three layers. The innermost layer consists of consists of two Cisco Nexus 7000 switches populated with M1Series 8-port fiber optic switches that provide fully redundant 10Gbit connectivity between servers, to the Internet, and to the second layer. The second layer consists of a 10 Gbit dual fiber ring that provides connectivity between the core network and 2 Cisco Catalyst 4928 10Gbit layer 3 switches located in each building on campus. The third layer consists of Gigabit copper local area networks that connect computers and Power over Ethernet (PoE) phones with Cisco 2060-S PoE switches that are located in communication closets in close proximity to their users. Each subnet in the third layer is connected to the second layer through both Cisco Catalyst 4928 switches that provide access to the fiber ring for the building. Layers 1 and 2 are fully redundant. Layer 3 doesn't provide redundant connections, but less than 50% of the available ports are used on each switch. The communication closets are equipped with patch panels that would permit network administrators to manually bypass a defective switch. Wireless connectivity on the campus: The campus has full wireless access provided by an Aruba Networks grid. There are two Aruba 5000 Modular Mobility Controllers serving over 100 Aruba Networks AP 125 wireless access points. The wireless network interfaces directly with the corporate headquarters wired network. The mobility controller has the ability to serve as a firewall, but the default settings currently allow all traffic in both directions. In addition, the president of the company has directed that the current wireless system be configured to provide open access without logon capability because he wants to make it as easy as possible for employees to use their mobile devices. When asked about potential security issues, he said that the convenience of mobile devices outweighs the risk. He had his physical security consultant walk the perimeter with a mobile device to confirm that the signals from wireless devices on the campus were too weak to register. Internet: The Internet connection for the company is provided by Comcast Business Services. Comcast provides a fully redundant 100Mbps down and 10Mbps up fiber connection to the campus on a fully redundant dual fiber ring consisting of two fiber pairs. Security appliances: The campus network has two Sonic Wall NSA 4500 Firewall Security Appliances that connect the Comcast Internet connections to the core network. These two devices are currently configured to allow all traffic in both directions. These devices are capable of up to 1500 VPN connections each. However, the company chooses to forward VPN traffic through the firewalls and handle it using a Microsoft PPTP solution. The campus also has two Barracuda Spam & Virus Firewall 600 appliances. These devices are located on the core network, and all mail traffic is forwarded through them. However, the company has not activated the subscription that updates the signature files, and some users are complaining about excessive SPAM. Active Directory Domain: There is a single Active Directory domain for the entire campus. It was configured using default settings, and uses the default domain group policy with one exception: password history and complexity requirements have been disabled to make it easier for employees to use passwords they can remember and reuse them if they want. The rationale for making this change was that Tom Pierce had difficulty remembering his password, so he began writing it down. A member of the cleaning crew saw it and used Tom's machine to view pornographic material. When Tom discovered the breach, he fired the person responsible and directed the password policy change. Servers: The headquarters has a 200TByte HP StorageWorks Storage Area Network (SAN) that provides storage for 10 Hewlett Packard ProLiant DL380 G7 servers. The HP servers are running VMware ESXi software. On that virtual platform, the company currently hosts redundant virtual servers for their domain controllers, Inventory Tracking System (ITS) Point of Sale (POS) system, accounting system, payment processing system, email system, Web site with database support for active content, Windows Routing and Remote Access Server (used for VPN connections,) authentication services, and database management systems. All virtual machines are running Microsoft Windows 2008. The administrative staff elected to not install antivirus software on any of the virtual servers, as that would slow them down. After all, Web browsers are disabled on all of them and no one is permitted direct access except administrators. The Web servers and Email servers have two network connections: an internal one and external one with a public IP address. There are no firewalls on the external connections. Web developers move web pages to the Web server using File Transfer Protocol (FTP). FTP is enabled for both internal and external networks, as some programmers access the Web server from home. Security is enabled, so they must log in using their Active Directory user accounts. In addition, the system administrators have discovered that FTP is a convenient way to move files, and they often log in using their accounts, as well. Using the FTP server as a staging server, it is possible to move files from the outside to the Web server, and then from the Web server to a workstation. Web hosting: The Web server is used to host the company's web site. The site has two parts that are both hosted on the same server, a public part that is available over the Internet using the company's URL http://www.harryandmae.com, and a \"private\" part that is available on the internal network only that is accessible only by using the internal URL http://www.haryandmae.local. Employees can log into the \"private\" Web site using their Windows login credentials and view their pay statements, work performance reports, vacation time, and other personal information. Campus workstations: The company has over 400 Dell Optiplex 380 workstations with Windows 7 installed. All computers are joined to the company's Active Directory domain. These computers are configured for IPv4 only, and IPSec is disabled by group policy. All workstations have Symantec Endpoint Protection installed. In spite of the new relaxed password rules, some employees still write their passwords down, and they can be found taped to the inside of drawers, on the bottom of mouse pads, or on notes stuck to their monitors. The company uses a Web front end for all of its applications, and the workstations are capable of accessing them using Microsoft's Internet Explorer. Remote users also have access to the same applications via the VPN. Off campus: The default configuration for new restaurants consists of a high speed Internet connection supplied by a local provider, a Network Address Translation (NAT) firewall device that includes a wireless access point (Similar to a Belkin N 150 Wireless Router), an office computer, and two point-of-sale computer systems that include credit card processing software. All computers are Microsoft Windows 7 machines with Norton Antivirus software. All employees have user names and passwords for the system. There have been problems with computers becoming infected with malware because the point-of-sale software can be minimized. Point-of-sale computers connect with the corporate headquarters for payment processing using Microsoft PPTP VPN clients on each machine