Network Security Assessment
You have been recently hired as a network security analyst for a small accounting firm.
The firm is realizing that they need help to secure their network and customer’s data.
With your background and skills, they are looking to you to provide guidance. In addition
to helping them secure their network, they require that you obtain your CompTIA
Security+ certification within 60 days of being hired.
In addition to the owner, who serves as the overall business manager, there are about
20 people on staff:
➢ 10 accountants
➢ 3 administrative support specialists
➢ 1 vice president
➢ 1 financial manager
➢ 2 interns
There is also one IT support technician on staff, who has basic computer hardware and
networking knowledge. He has requested that the firm create a website, hosted
internally, so that new customers can get information about the firm. This will be
important to remember as you complete your final project.
The firm has a simple network. There are currently 20 computers and two multipurpose
printers. All computers and printers are connected wirelessly to a NETGEAR MR814
device. This router is connected to a Motorola SB3100 cable modem. Staff e mail
accounts are set up through the company’s Internet provider. Employees use a
combination of Microsoft Outlook and standard web browsers to access their e-mail.
The owner is known to use his personal iPad during work hours to check and respond
to e mail messages.
Prior to your hiring, they hired a network cabling contractor to run Cat 6 cables from the
central wiring closet to all offices and cubicles. They want to move away from using
wireless as the primary network connection, but want to keep wireless access for
customers coming to the building. The technician who did the wiring mentioned to your
supervisor that he should look into setting up a Windows Server domain to manage user
access, instead of the current peer-to-peer network. He also recommended that the firm
invest in a managed switch and a firewall, and look into having some backups. The
internal IT support technician agreed with these recommendations but needs your help
to implement them.
You’ve been asked to assess the current vulnerabilities and provide a recommendation
to the firm’s owner on how to better secure the network infrastructure. Now that you are
aware of the firm’s history, your assessment and recommendation should provide
specifics about the network security settings that must be implemented and the
equipment that must be procured, installed, and configured. The firm’s owner has a
basic understanding of computing, so it is important that you explain the technical
issues in layman's terms.
I. Vulnerability Assessments
Use this section to describe any network security vulnerabilities. Use the scenario along
with industry standards and best practices to identify the vulnerabilities. Describe why it
is vulnerable and what the implication is if it is not mitigated.
The example below is of the physical security of a warehouse. (In your submission, you
will have several vulnerabilities identified and mitigated.)
At the Alpha Warehouse, we discovered one key vulnerability to the physical security.
This was the use of a Master Lock combination lock to secure the back entrance. While
the use of a combination lock can limit the number of people who can enter to those
given the combination, vulnerability in the design of these locks was recently exposed.
By using “a process that requires less than two minutes and a minimal amount of skill to
carry out ,” would-be thieves can access the warehouse through a single entrance.
While the thief will need to also have access to an online calculator that helps stream
the process, the prevalence of smart phones makes this a small hurdle to jump,
allowing any interested parties quick access to the Alpha Warehouse.
II. Network/System Security Recommendations
This section will provide network/system security recommendations on how to address
the vulnerabilities identified in Section I. Provide specific courses of action along with
any pertinent information about the recommendations. In this section, you will cover
recommendations only to network infrastructure or network devices. Don’t cover
software recommendations here.
In order to resolve the vulnerability created by using a Master Lock combination lock, it
is recommended that it be replaced by a more secure deadbolt door lock—specifically,
a Falcon D241. This lock is rated as the top standard lock by Consumer Reports. They
rate its resistance to kicking, prying, wrenching and hammering as excellent, and the
resistance to picking and sawing as very good. The only thing that was considered poor
was its resistance to drilling, but no standard lock was anything other than poor. Only
the high security locks had higher ratings for drilling, and only one of those, the Medeco
Macum 11WC60L, was rated higher than the Falcon [ 2]. Given its price of almost three
times as much as the Falcon, the cost does not seem worth the benefit. However, it is a
more secure option that the warehouse administration may want to consider.
III. Application/End-User Security Recommendations
This section will provide application/end-user security recommendations. Provide specific course of
actions along with any pertinent information about the recommendations. This section will include any
network protocol or software as well as actions that end-user must do.
In addition to installing a new lock on the back door of the warehouse, there are policy recommendations
that warehouse administration should implement. The most important policy recommendation is that
the number of keys to the back entrance of the warehouse should be limited to only those that need it
and in most cases only when they need it. As this is a secondary entrance, it is not necessary that all
employees have a permanent key. The warehouse manager should have one key that he keeps at all
times. Additionally, he should have access to a secondary key in the warehouse office that only he can
access. This secondary key can be given on a temporary basis to employees who need to access the back
entrance. Also, this secondary key should be given on a sign-out basis. Employees who are given the key
should have their name noted in a log book. When they return it, another notation is made indicating
such. This tracks who is responsible for the key at any given time, and should it go missing, will serve as a
paper trail for who had the key last.
 D. Goodin. (2015). How to crack many Master Lock combinations in eight tries or less [Online].
 No Author. (2011). Door Lock Ratings [Online]. Available behind paywall: