Riordan Case
Essay by promeathus • March 18, 2013 • Case Study • 2,178 Words (9 Pages) • 1,265 Views
Riordan Manufacturing Security Review
An organization has to make protecting its digital information their number one priority. This paper provides an overview of Riordan Manufacturing's infrastructure and its current level of security at each of its plants and will focus on the physical, network, and data security concerns and issues.
San Jose, California
The Corporate Headquarters in San Jose, California have a few issues that were noticed in the network map of that location. First, let us start with congestion of the network. The Corporate computers are on the same switch as the marketing. In this case, you would want to keep those separate, possibly even creating a DMZ to house the marketing, web, and mail servers. Marketing and Corporate are run on 24-port switches and then to a router. There are firewalls between the corporate switch and the network; this could be an issue. IP phones should be run to a switch and possibly, multiple switches if on different floors and then to a PBX switch. In addition, the network and back up servers should be behind a firewall and connected to their own switches. IDS and IPS should be connected to routers on both sides of the network. The gateway switch that runs to the Sate link is bypassing the Router. All data should be running through the routers and then the firewalls. A possible print server could be considered, cutting down port usage on the gateway switches. In addition, the majority of the servers need to be centralized. It appears that the servers are scattered throughout the building. A security controlled data room would be a good solution. This also helps the security measures needed in a building.
Pontiac, Michigan
This is the plastic parts plant and the Manufacturing portion of the company in the United States. In this map, hubs are used quite extensively. Low-end switches could be used and this would allow for more control of the network. Also, the cable infrastructure could use an upgrade. Using Cat 3 is an interference problem and can easily be infiltrated. Vampire taps can be used on unshielded cable and with cat 3, it can be done simpler. Also a DMZ should be set up in this map. Moving the servers and separating them from the FTP files and the mail server can be in a DMZ in front of a firewall. Firewalls should be implemented on the exits and entries even to the corporate office along with IDS and IPS sensors. Since it is a Bus topology, the printers could be moved to a print server switch to free up ports on the patch panels.
Albany, Georgia
In Albany, the company's U.S. manufacturing specializes in plastic bottles. Here, Switches should be installed to take away the risk of intrusions through the patch panels and an upgrade from cat 5 to cat 5e would be a plus. Again a DMZ should be created and the mail server should be located there connected to a firewall. Firewalls should be installed on the corporate network connection. An IDS and IPS should be place at the entry. This will protect corporate form any intrusions from remote locations. This location does not have an extensive network so monitoring could possibly be done remotely from corporate.
Hangzhou, China
The China facility, since it is abroad, will need to keep the network as secure as possible. Firewalls will be needed at the corporate and finance servers. A router should be placed before the servers and a DMZ should be created for the mail and Web servers. The gateway switch that runs to the Sate link is bypassing the Router. All data should be running through the routers and then the firewalls. This will invite a back door attack on the network. The 8 port hub for the printers should be replaced with a print server to protect documents. Also, the computers should be ran to multiple switches and then to routers on different floors.
Network Security
Riordan Manufacturing has a headquarters in San Jose connected via WAN to three other manufacturing plants. Design concepts and security issues will be addressed to ensure Riordan Manufacturing is Sarbanes-Oxley compliant. Each site will be reviewed and outlined for these improvements.
San Jose
Riordan Manufacturing's headquarters is the center piece of the WAN-based network. All other Plants connect to headquarters for their connection to the outside network except for the Hangzhou, China plant. San Jose's network is not protected by a firewall between them and the cloud. Without a firewall, the network is wide open to attacks and denial of services for hackers. With the use of a Cisco ASA as a firewall, Riordan Manufacturing can close the large hole and monitor and track access to their network. By Adding an intrusion prevention system (IPS) will help detect and stop attacks in a proactive manner. According to (O'Leary, 1992) "A critical aspect of the security of a computer-based system is the ability to fend off potential intruders and identify actual intruders." With this type of system in place, Riordan Manufacturing can monitor and stop attacks before they happen on the local network. These types of unexpected behavioral attacks can bring down a network and bring production on the network to a standstill. By using a Cisco ASA, Riordan Manufacturing can create encrypted tunnels to each manufacturing site to secure their data from capture and allow the use of cheaper forms of connectivity with higher bandwidth then a T1 line. Also with a Cisco ASA, they will then be able to provide VPN client access from home networks in a secure environment. The Cisco ASA will also monitor and scan all network traffic for viruses and stop them before they can reach the local network.
Albany and Pontiac
Riordan Manufacturing's Albany and Pontiac plants connect to the main headquarters with a fractional T1. By replacing the fractional T1 with a dedicated cable or DSL line, Riordan Manufacturing will be able to increase bandwidth. By installing a Cisco ASA and creating a VPN tunnel, Riordan Manufacturing can then encrypt their data and provide a more secure network. The Cisco ASA will also help provide secure access via a VPN for home users. The Albany plant also has a local Microsoft Exchange server that will need to have protection from virus-based e-mail. By having an IDS system in place that will actively scan and stop virus-based emails Riordan Manufacturing will further secure their network.
China
Riordan Manufacturing's Hangzhou plant connects
...
...