1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network. 2.
Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers.
The inner most firewall blocks access into the intranet while allowing internal users to access the information on the servers. 3. What recommendations do you have for the future e-commerce server and deployment in regards to physical location and back-end security for privacy data and credit card data? I would place the e-commerce server in the DMZ with the private and credit card data stored inside the internal network. The commerce server will have access to the private data and will pass it in an encrypted form to and from whatever it needs to go.
The e-commerce server will be physically secured in the server room, possibly with an added locked server cabinet. 4. What recommendations do you have to secure the server farm from unauthorized access? I would lock the servers into their own room with keycard or fingerprint access only. Set up and perform audits on each individual server. 5. If the organization implemented wireless LAN (WLAN) technology, what would you recommend regarding the use of VPNs or encryption within the internal network when accessing the server farm?
I recommend regarding the use of VPNs or encryption within the internal network when accessing the server farm that IPsec is a good option because all servers are contained in one physical location. 6. Submit your Microsoft Power Point or Visio block diagram with this Lab #8 – assessment worksheet and your answers. 7. Submit your Microsoft Word functional overview document along with your block diagram.