Details of this Paper

NetGamesRUs Week-3 Security Policies

Description

solution


Question

NetGamesRUs.com;NetGamesRUs is a sample company. It is a small organization with a midsize network and some speci?c needs.;Organization Overview;NetGamesRUs (NGRU) is an upstart gaming company in the world of massively multiplayer (MM) games. These games allow thousands of users from around the world to connect to the same server to take part in a game. MM games attract a devoted following that doesn?t take too kindly to downtime and is even less tolerant of game bugs or cheats that allow a certain player to gain an unfair advantage over others.;After?nishing the beta phase for its?rst game, NGRU quickly realized that it had a hit on its hands. The buzz on the Internet was that this game could sell over 100,000 copies in its?rst month of release. During peak times, the company estimates that as many as 10,000 people can be logged on to its servers.;Unfortunately, NGRU designed the infrastructure for the game back when it thought it would be lucky to sell 10,000 copies in the?rst 3 months. As such, NGRU needs an improved design that allows a high rate of throughput. Security wasn?t top of mind during the game?s development, but after seeing a competitor?s customer database get hacked and the bad PR this caused, NGRU decided to hire a security professional, you, to come in and help improve its security in the 30 days leading up to the commercial release of the game.;NGRU has a staff of 30 in one location, mostly developers, some of whom work remotely. It has one dedicated IT staffer for both security and networking.;Current Design;The NGRU network is shown in Figure below.;The NRGU network is currently a?at internal network with a?rewall between the internal network and the Internet. As you can see, all public services are in front of the?rewall. This was done because NGRU didn?t spend the money on a three-interface?rewall when it built out the network originally. All public servers, including the gaming servers, are UNIX based.;All internal systems are unprotected beyond application security. Each game developer has a UNIX box for development, e-mail, and other work-related tasks. They also have a Microsoft Windows box that they use for game testing because Windows is the dominant MM gaming platform.;Security Requirements;The following are the basic network-relevant decisions related to the security improvements NGRU wishes to make. Some of the requirements are found in the security policy, others are derived from the policy?s mandates.;Campus Security;The following are the security considerations in the campus network;? Internal employees are trusted, in addition to being a very small group. Policies were written to encourage strong password selection, antivirus, host patching, and basic hardening, but internal security is left intentionally weak.;? All devices are stationary, so there is no wireless LAN (WLAN). Physical access to the building is basic lock and key.;? No inbound access to the campus network should be allowed as a default. (Exceptions are noted in the following sections.);Edge Security;The following are the security considerations in the edge network;? The public services (DNS, SMTP, HTTP) should be separated from the game servers, and both collections of hosts should be protected from attack.;? The game servers listen on User Datagram Protocol (UDP) port 4432.;? Remote workers should have a secure channel to access the internal network and the game servers.;? The availability of the game servers is of paramount concern.;? The customer database should be protected against direct attack from the Internet because it contains credit cards and other sensitive information.;Management;The following are the security considerations related to network management;? Devices on the edge network should be managed securely when possible. Systems on the internal network can be managed using any available method.;? The game servers should not be managed over the same links that route the production traf?c.;At this point you have enough information to develop security policy of NetGamesRUs.com;Q1: Outline NGRU's primary business needs to be protected. Develop security policies for NGRU using network Security Policies Best Practices to meet minimum primary business needs of NGRU's.;Q2: Put yourself in the shoes of a resourceful attacker. What damage could such a person with lots of free time and patience do to NGRU's organization business need?;Q3: The company president went to Washington to attend Homeland Security conference and just returned. He called you (Chief Security Officer) and ask you to revise your security policies to include a Terrorist Attack. More specific, he wants to minimize the loss, if such an attack occurs at one location or in town. What would you recommend and also, list your basis of recommendations.

 

Paper#69510 | Written in 18-Jul-2015

Price : $27
SiteLock