ISE 510 Final Project Scenario Background
Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant with any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
The interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – The browser in use is Internet Explorer, and the browser security setting is set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
Virus Software – McAfee is deployed locally on each user's machine, and users are mandated to update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for the SQL database log is small, and the log is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL Server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – The wireless network is available with a clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided an access code to the wireless network at the front desk to use the internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – The public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are also running the following services: File & Print Services, Telnet, IIS.
Firewalls – Firewall configuration is very secure, and the logs are reviewed when there is suspicion of a security event. The following file types are allowed for inbound connection: EXE, DOC, XML, VBS. In addition, Telnet and FTP are allowed for inbound connection.
Passwords – Users determine the length and complexity of their passwords, but it is mandatory to change passwords once a year.
Network configuration changes are determined by the IT manager, and users are notified immediately once the changes are implemented.
Documentation:
I. There is no documented security policy or computer use policy.
II. There is no documented process for changes to the system.
III. There is no contingency plan.
System Backup:
I. Backup is conducted daily by the network administrator, and tapes are kept safely in the computer room.
Personnel/Physical Security:
I. While users are not trained on security awareness, emails go out every month from the system administrator warning users of emerging threats.
II. Visitors sign in at the front desk before they are allowed to walk in to see employees at their respective offices.
III. Remote employees connect via virtual private network. Their laptops are configured exactly as the desktops in the office, with unencrypted hard drives.
IV. Often users are allowed to bring in their own laptops, connect to the corporate system, and complete their tasks, especially if they are having issues with laptops provided by the company.
Incident Response:
At Limetree Inc., systems administrators are notified of computer incidents, and the administrators escalate to the IT manager, who reports incidents to the security manager if they are deemed relevant. Currently there is no official documented process for reporting incidents. There is also no previous documented history of incidents, even though Limetree Inc. has experienced quite a few. Corrective measures are taken immediately after an incident, though none of the measures has ever been documented.