NSA CAPSTONE: FINAL PROJECT
ITT Tech
NSA Capstone
Final Project
Samuel Ott, Franklin Pieterse, Dustin Leecy, Jeannetta Walker, Jordan Marsh, Elvira Turner, Daniel Stephenson, Andrew Wilson, Filander Valladares, Christopher Miller
2/28/2016
Part 1
ABC Company has a total of nine offices. Four of the offices are sales offices and five are
creation offices that will develop multimedia. All the offices will be able to
connect to each other. The company servers in Tokyo, Paris and Detroit will maintain 24/7
connectivity for the company WAN.
The topology of the company WAN will be a mesh configuration. The separate
offices will be designed in star configurations with switch communication. In all offices we
will have fiber telco rooms in the basement and networking closets on each floor. These will
have fiber to each floor switch and CAT6E cabling to each hardwired node on every floor. We
will also have network routers and firewalls in the telco room for security. There will be
individual switches per floor to help manage traffic and avoid latency. This will help keep traffic
flowing smoothly and reduce bottlenecking of data flow. We will be using redundant fiber
between all offices on leased lines. As described by Derek Rogers in his article, “Leased lines are
symmetric telecommunications lines that connect two different locations together. In the United
Kingdom, lease lines are often referred to as Data Lines or Private Circuits. The United Kingdom
does not use a telephone number for the data lines, however each of the sides of the line will be
permanently connected to the other.” (Rogers, n.d.)
We will be carrying the maximum speeds available for each location, with no less than
100Mbps and hopefully a continuous 1Gbps where available. Due to the size of files that we
need to transfer we will be able to maintain a response time that will not exceed 20 seconds
between workstations. We will be using another form of redundancy by adding satellite
connections where available and feasible. Using satellite for all of our multicast needs will help
keep other traffic flowing smoothly and efficiently without compromising our overhead. We will
be using ViaSat to host our satellite transmissions. As stated at ViaSat.com, “ViaSat is the 1st to
introduce true 100 Gbps Ethernet encryption! Available today, our SEC-1170 single-port
high-speed appliance also delivers the industry’s lowest latency, 3x less than competing Layer 2 or 3
encryption” (ViaSat, n.d.).
The star topology will be a very efficient means of keeping our offices up to date and
expandable. A star topology has a maximum of one thousand twenty-four nodes (Naik,
2015). We will be connecting them through our switches on every floor, to keep as few failure
points as possible with as much expandability as we can. The switches will help keep data
flowing only to required nodes to help keep collisions and bottlenecking to a minimum. We can
also support either fiber or coaxial cable as needed with the proper switches. As stated before, we
will have our telecommunication room separated from the rest of the building to keep security
tighter in this area. Also, we will be expanding per floor as needed with a network room. We will
be running fiber to the building and to each floor. Then from each network room on the floor we
will be expanding fiber or coaxial cable as needed. We will also want two printers per floor and a
separate printer for human resources per office. These will also be connected through the switch.
Each building will have available and secure wireless connections. We will be using the
IEEE 802.11ad standard. “IEEE 802.11ad, on the other hand, uses the much higher 60 GHz
spectrum. This spectrum has even more room to pack different communication channels side by
side. Consequently, it can deliver up to 7 Gbps —but only for short distances. It’s easily obstructed
by air, water and walls, and other limitations”. (Intel, p. 5, para. 1). We will need to
take these limitations into consideration and plan accordingly to ensure total coverage of our wireless
network for each office. This will help keep us current and keep transmit speeds at a maximum, even though
we might need to add extra access points to ensure that there are no low signal areas. We will
also treat this as a secured area of our business, going through our firewalls to keep data theft and
loss to a minimum.
In the sales offices in Washington, Indianapolis, Tampa and Liverpool we will be
developing a telephone system with conferencing and speed dialing to any location in the
company. Our first choice is to use a VOIP phone system because it has the capability of handling
multiple phone calls on multiple lines at one time. For conferences, setting up a WebEx account
would give the flexibility to also add a person using a mobile phone as well as those in the office, instead
of using Skype, which has been shown to be unreliable a lot of the time. This is one reason using
WebEx would benefit multiple companies around the world: “you can add specialized
functionality for webinars, training, or remote technical support. You may need global online
meetings with integrated audio that can be joined via tele-presence and multiple video systems.
Or you might want personal video meeting rooms. Cisco WebEx products are all
that.” (WebEx, 2015) As far as the phone system, VOIP phones are the up and coming technology
used in most doctor offices and hospitals and for some small home businesses. Here is another
reason VOIP would be our preferred choice. “All of the premise based VoIP Phone Systems we
carry are easy to manage, feature-rich and offer uncompromised functionality, flexibility, cost
savings as well as advanced features that substantially improve productivity. Choose from a wide
variety of Premise based VoIP Phone Systems from the VoIP Industry's leading VoIP Phone
System providers - and don't forget to ask about our configuration and financing offerings.”
Using the latest technology will keep us up to date and it will also help our team members in
other parts of the world use very simple and basic technology that is growing and expanding
daily.
Part 2
As a business we will need to set up a network that is functional, reliable, and
expandable. A lot of time and research went into all aspects of the network,
especially the hardware that is needed to keep the business operational now and into the
future. To achieve this, we have chosen what we determine to be the best options in what we can
acquire to give all users the necessary tools that they will need to do the job required and keep
the business secure and operational well into the future.
For the server aspect of the business we will be deploying Cisco UCS 5100 Series
Blade Server Chassis with Cisco UCS B260 M4 Blade Server blades. This allows us to expand
workloads as needed and only have to worry about the cost of what we need without having to
reorganize the system later. Should we need more servers it would be just a blade away. Cisco
states that its UCS 5108 Blade Server Chassis is the first of its kind; with a height of six rack
units (6RU), it can mount in an industry-standard 19-inch rack while using standard
front-to-back cooling.
The Cisco UCS 5108 Blade Server Chassis makes revolutionary use of unified fabric and
fabric-extender technology. Not only does that let the Cisco Unified Computing System have
fewer physical components, but it allows the system's network to be integrated with up to 20
chassis in a single management domain. This is great for scalability. It requires no independent
management as the configuration and hardware management are integrated. Using a Java
application known as a CLI it can manage up to 176 blades, configuring the hardware and
networks as needed, and be more energy efficient than traditional blade-server chassis. This
simplicity eliminates the need for dedicated chassis management and blade switches and reduces
cabling. (Snyder, 2011)
On the servers, our main operating system will be Windows Server 2012 R2 while using
Active Directory management roles. This will enable us to separate operations and keep the
business compartmentalized between departments and help shape what is needed inside the
company. With this we will also be using VMware to set up virtual servers to help suit individual
departmental needs as they arise. This will include other operating systems and
development software needed for project research and development.
To connect our offices we will be using the Cisco 2921 Router. The 2900 series has
very fast internet and intelligent integration for market security. It has hardware for encryption
and a digital signal processor, with an optional firewall. It has many useful features for security
like intrusion prevention, and a video capable digital signal processor. It even has voice mail and
connections for T1/E1, xDSL, copper and fiber GE. This system has the ability to expand as it
offers increased capacity and performance as the network and company grow.
Our phones, security cameras and wireless will be using the Cisco Catalyst 3750-48-port
10/100Base-T. It is stackable so you can add more ports and units, making it optimal for
expansion. When stacked, the units use a proprietary multi-pin connector. If creating a ring you
will need two of these connectors. This device will automatically balance the load of two or more
units and can support 32 Gbit/sec of throughput. It has full control, full duplex layer 3 switching,
IP routing, and DHCP support. (Bass, 2003)
For our desktops and video conferencing we will be using the Cisco Catalyst 3560x-48t-l
managed switch, with 48 Ethernet ports, on every floor. This switch is enterprise class, and is
good with security and energy. It is easy to operate and has innovative features; it can provide IP
telephony, wireless and video for a great network experience. It boasts gigabit Ethernet speeds,
and it has different speed ports for 10/100/1000. This particular one has VLAN capability. It
offers 160 Gbps of performance. For the individual phone system we will use the Cisco Business
Edition 6000 with our handhelds being CISCO - (CP-7962G-RF) UNIFIED IP PHONE 7962G
VOIP phone for each desk in the office.
The business desktops and laptops are going to need to be a mixture to suit what
each department needs. All regular employees will get an Aspire ATC-705-UR58 from Acer.
These will come with Windows 7 Enterprise edition. We went with this machine because it will
give the users the ability to look at and review multimedia that the company creates with its Intel
HD 4600 graphics card, and to save it on the 1TB HDD. It also comes with 8GB of
RAM, which allows for multitasking, and it comes standard with USB 3.0 ports. (Tech, 2015)
This will be an asset as a decent desktop capable of lasting, all the while giving our
admins better control over the individual user through use of software, security, and group
settings. For our production and development departments we will be using the Apple iMac in group
rooms and workspaces for the enhanced graphical design properties that are needed for our media
content. These systems will be on an intranet with limited content sharing to keep strict
regulations on our research and development. All our production and development members will
also have an Apple MacBook Air. This will help transition ideas from the iMac to their laptop for
presentations without sacrificing visual or unsupported data.
One other aspect to look at will be our firewalls, proxy servers, and VPN. We are
going to use an enterprise hardware-based firewall. The reasoning behind this is that the
hardware is more robust and allows for better protection, and it will accommodate larger
amounts of memory usage; installation is more difficult but protection and monitoring are better.
Static random access memory refers to a secondary type of memory used in a computer or
appliance; for our needs we will be using SRAM instead of DRAM because it does not need to
be refreshed and cycles through memory a lot faster. So with all these factors in mind and
understanding how important a firewall is to a company, we have decided to go with the Cisco
ASA 5555-X. Software is already installed on the appliance and can be accessed using a management
device like a laptop. We will refer to this source for set-up and usage of this device, found at
(http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500X/5500x_quick_start.html).
Our company is going to utilize WinGate for our proxy server, which is a software version. The
current version of WinGate is version 8.4. These proxy servers will share space on our servers in
a virtual environment. This will allow us to utilize what proxy servers allow without having to
install physical hardware, thus saving cost on equipment and allowing us to spend that on the
software and management. This will also help when employees need to connect to the office
from home for some unexpected work. Lastly, for our VPN we will be using Junos Pulse, also
known as Pulse Secure. It is mid-priced in relation to other similar products. This is great as the
company is moving to bring your own device (BYOD), and it works with iOS and Android
systems so you can check your email, access company resources, or do a voice conference on the
go. “Pulse Connect Secure delivers seamless and blazing-fast end-user access to corporate
networks and resources. Out-of-the-box host-checking and device compliance features ensure
connectivity for both trusted and untrusted devices. Pulse Connect Secure supports leading web
technologies and technology standards such as HTML5 and IPv6. Plus, its broad Virtual Desktop
Infrastructure (VDI) allows for interoperability with leading players such as VMWare, Citrix,
and Microsoft.” All data is cauterized and can even share data. It is easy to use on your mobile device
and very secure. (Stephenson, 2015)
We as a group consider these as viable options for our network that will give us
ease of access along with flexibility, reliability, and upgradability for years to come. These will
also help us as a business to grow and provide access even while on trips for business.
These tools will bring the business to a new and very optimal high point in the digital age. This
base of equipment is truly scalable on an as-needed basis. It will let us add any hardware and
software as needed for development. The use of these devices together opens boundless doorways
through which we can progress and come together better even at long distance.
Part 3
There are a lot of protocols out there for a company to choose from. There are some that
are standard operating procedure and a necessity for everyday use, like TCP/IP. This paper will just
encompass a few of the less well known and must-have protocols for our VPN, file transfers,
media, switches, WAN, VOIP, and some of the firewall protocols that will be a necessity for our
business to succeed. The general user has relatively no idea how much work and time is spent
setting up and verifying the processes that go into this step, which can be a very daunting
process.
For our VPN we are going to go with L2TP/IPsec. L2TP over IPsec allows a
business to transport data over the internet while maintaining a high level of security to protect
the data. To use this type of protocol we have to remember that we must place the VPN server at
the internet access point or DMZ for this to function. The VPN server is responsible for
enforcing user access and policy decisions. To actually have a connection occur you will need
to install computer certificates on the VPN client and server devices. When a client attempts to
access the VPN, the server grants access through a series of actions that check user restrictions and
properties to determine that the user has access, and creates a link to the company. This
ensures the company’s intranet remains uncompromised while, at the same time, granting
access to the user from outside the company network. (Hoffman, 2015)
For our switches and routers we will be using EIGRP, which stands for Enhanced
Interior Gateway Routing Protocol. This is a distance-vector protocol that has optimizations to
reduce routing instability, guarantees loop-free operation and provides us with fast router
convergence. The switches will use IS-IS. This will allow each individual switch to build its
own network topology and will allow packet transmission based on the switch's determined
best topological path.
One of the main protocols that we will be using is XTP or eXpress Transport Protocol.
This protocol will be used in the transfer of our media files from our different sites. XTP offers
high speed data transfer which is able to run parallel to all other transfer protocols. Using XTP
we will also be able to control rate flow and burst control and also set a bandwidth limit. This can also
be used with satellite data transfer for a second option if ground services are disrupted.
(Andrews, 1997)
All of our sites will have MTP or Media Transfer Protocol to be able to transfer
data to or from their mobile devices. This is important for developers and media teams to be able
to get the files they need at a meeting when they didn’t bring the data with them. Almost all Windows and
iOS devices have MTP already implemented in the device, which means no additional cost for
the company. Most of the developers will also be using AFP or Apple Filing Protocol, which
is the standard for the iOS operating systems. Other protocols within the Apple framework that
will allow streaming of media from the desktop to the “iPad” include MPMediaPlayback; this
protocol helps control playback. MPPlayableContentDataSource lets media be played from
external media devices. And the MPPlayableContentDelegate protocol will allow commands to be
sent from external media devices to the Apple application. (Apple Inc., 2014)
The VOIP protocols that we will use are MGCP or Media Gateway Control
Protocol, SIP or Session Initiation Protocol, SDP or Session Description Protocol, RTP or Real
Time Protocol, and RTCP or Real Time Control Protocol. These will work in unison to make sure
that we can stream video conferencing, have voice calls, and handle all other aspects of
telecommunication that we are going to need to use to make sure that we can compete and do all
that is required in the digital age. These will ensure our connections through the use of codecs to
handle the conversion of analog signals to digital form and back again. (SAVVIUS, INC, 2016)
The SIP protocol will require some changes to our firewall as well to make sure
that calls work. SIP embeds IP addresses in its messages, which can
be challenged by NAT. The firewall has to take the private IP addresses used and convert them
to the public IP addresses. It will require that the private IP addresses have UDP port filtering
in effect so that calls can go both ways with data. To do this we will need to make sure
that we have NAPT, or Network Address and Port Translation, enabled. It will be the
responsibility of the firewall to ensure that NAPT is applied correctly to all VOIP packets.
(Allied Telesis, Inc., 2007)
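
The SIP and NAT problem described above, as an added example that is not part of the original paper or of any vendor's code: a constructed INVITE carries the phone's private address in its Via and Contact headers and in the SDP body, and a simplified SIP-aware firewall step applies the NAPT binding to them. The addresses, ports and function names are assumptions chosen for illustration.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_invite(ip, sip_port, rtp_port):
    """Constructed INVITE as a phone at `ip` would send it (sample data, not a capture)."""
    body = (
        "v=0\r\n"
        f"o=alice 2890844526 2890844526 IN IP4 {ip}\r\n"
        "s=call\r\n"
        f"c=IN IP4 {ip}\r\n"
        "t=0 0\r\n"
        f"m=audio {rtp_port} RTP/AVP 0\r\n"
    )
    head = (
        "INVITE sip:bob@example.com SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {ip}:{sip_port};branch=z9hG4bK74bf9\r\n"
        "Max-Forwards: 70\r\n"
        "From: <sip:alice@example.com>;tag=9fxced76sl\r\n"
        "To: <sip:bob@example.com>\r\n"
        "Call-ID: 3848276298220188511@example.com\r\n"
        "CSeq: 1 INVITE\r\n"
        f"Contact: <sip:alice@{ip}:{sip_port}>\r\n"
        "Content-Type: application/sdp\r\n"
        f"Content-Length: {len(body.encode())}\r\n"
    )
    return head + "\r\n" + body


def private_addresses(message):
    """RFC 1918 addresses embedded anywhere in the SIP headers or SDP body."""
    found = set()
    for text in IPV4.findall(message):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in RFC1918):
            found.add(text)
    return sorted(found)


def media_endpoint(message):
    """(address, port) the far end will send RTP to, read from the SDP c= and m= lines."""
    addr = re.search(r"^c=IN IP4 (\S+)", message, flags=re.M).group(1)
    port = int(re.search(r"^m=audio (\d+)", message, flags=re.M).group(1))
    return addr, port


def alg_rewrite(message, private_ip, public_ip, port_map):
    """Apply a NAPT binding to the addresses inside the SIP/SDP payload.

    port_map maps private UDP ports (signalling and RTP) to the public ports
    the firewall allocated. Simplified: one audio stream, IPv4 only.
    """
    head, _, body = message.partition("\r\n\r\n")
    ip_re = re.escape(private_ip)

    # Via and Contact carry ip:port.
    head = re.sub(
        r"(?<![\d.])" + ip_re + r":(\d+)",
        lambda m: f"{public_ip}:{port_map.get(int(m.group(1)), int(m.group(1)))}",
        head,
    )
    # SDP o= and c= carry the bare address; m= carries the RTP port.
    body = re.sub(r"IN IP4 " + ip_re + r"(?!\d)", f"IN IP4 {public_ip}", body)
    body = re.sub(
        r"^m=audio (\d+)",
        lambda m: f"m=audio {port_map.get(int(m.group(1)), int(m.group(1)))}",
        body,
        flags=re.M,
    )
    # The body changed size, so Content-Length must be recomputed.
    head = re.sub(r"Content-Length: \d+",
                  f"Content-Length: {len(body.encode())}", head)
    return head + "\r\n\r\n" + body


if __name__ == "__main__":
    invite = build_invite("10.1.20.15", 5060, 16384)
    print("leaving the phone :", private_addresses(invite), media_endpoint(invite))
    fixed = alg_rewrite(invite, "10.1.20.15", "203.0.113.10",
                        {5060: 40001, 16384: 40002})
    print("leaving the firewall:", private_addresses(fixed), media_endpoint(fixed))
```

Without the rewrite, the far end would try to send RTP to 10.1.20.15, which is unreachable from the internet; `private_addresses` doubles as a check for private addresses leaking past the firewall.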
This is just an overview of the many different protocols that we will be
implementing for our business. As stated before, there are many more that are going to be needed
to actually set everything in place and make everything work. Some will need to be initiated by
us while others will rely on protocols already in place like TCP/IP and UDP that all businesses
use. Protocols and the ability to implement and integrate them into a fully functioning network are
one of the hardest and longest parts of network setup.
Part 4
ABC Company is a worldwide company with offices all across the globe. The company
is engaged in the development of audio and video special effects for the entertainment and
advertising industry. With the company being so spread out and diverse, the logical calling choice
is going to be Voice over IP, or VoIP for short. Also, we are going to need teleconferencing
to all major offices across the globe. Due to the demand, our company will need to ensure that
we can connect and have meetings across the globe, whether with customers or project teams and
management. Because the company is worldwide, it makes a lot of sense for us to make sure
we have a way to hold all these meetings across the globe when needed for
projects and reviews. This is why we have chosen WebEx for all of our teleconferencing needs.
As far as the phone system, VOIP phones are the up and coming technology used
in most doctor offices and hospitals and for some small home businesses. The phone system of
choice is, of course, our Cisco based switches and phones. Our phones will be using the Cisco
Catalyst 3750-48-port 10/100Base-T. This is a stackable unit so you can add more ports and
units, making it optimal for expansion. When stacked, the units use a proprietary multi-pin
connector. If creating a ring you will need two of these connectors. This device will
automatically balance the load of two or more units and can support 32 Gbit/sec of throughput. It
has full control, full duplex layer 3 switching, IP routing, and DHCP support. (Bass, 2003).
For the individual phone system we will use the Cisco Business Edition 6000 with our
handhelds being CISCO - (CP-7962G-RF) UNIFIED IP PHONE 7962G VOIP phone for each
desk in the office. These are going to be a very universal staple that can easily serve our bigger
and smaller offices due to the design of the switch. With it being stackable we will have the
needed requirements for it to be added to as our company grows. (Brooks, 2016)
The ease of using the same type of system and individual handhelds as a standard
means that even when the employees of the company need to travel or relocate they can easily
transition to the new environment. By using the same VoIP phone system we also have the
means of having easy access to troubleshooting and faster uptimes of down switches if one
should crash. We would maintain redundant switches and spares as needed to keep up with
repairs and growth. A universal system can truly be a great investment, and when the
products reach end of life it means that you can find a new standard to upgrade to, with an easier time
for all involved. The fact that we are going redundant with our network means that even if a
switch should go down the backup will kick in with little to no loss of connection. The Cisco
phone system that we are implementing also comes with a feature to let us know when a fault
arises within the system and helps with the troubleshooting.
The company’s regular need for teleconferencing can be made all-inclusive by
using WebEx. By using WebEx we make sure that the conferencing is as clear and latency free
as possible due to the WebEx Collaboration Cloud which determines which point of presence has
the lowest latency and offers the best performance. The WebEx client recognizes the location
and routes traffic through the nearest data center for optimal performance. It will even transfer
meeting communication through alternate lines of communication if the line or connection
becomes degraded or unusable. This feature will help ensure that the company will never miss a
second of the conference due to the degradation. If you couple this with the GlobalWatch
feature, administrators can set performance thresholds and receive alerts at a designated
threshold as well as analyze information for usage trends to better delegate bandwidth and
maintain optimal network performance. Another great feature of the WebEx solution is that it
will work across multiple platforms. This will make it easier for us to connect with the
employees that will be using different operating systems for their day to day job. Coupling this
with the ability of WebEx to integrate with applications makes everyone able to
share what they need, when they need to. (Cisco Systems, Inc, 2008)
For security and training purposes we will be using Cisco Telepresence Content
Server. This server will be able to interconnect to our WebEx and be able to record all of the
teleconferences as well as the video conferences. This will also help our company be able to
implement training videos, share and store media as well as be able to pull videos to a portable
media device if needed giving the company a huge step up on technology that competitive
companies might not have. (Cisco Systems, Inc)
WebEx can even offer us the option of conferencing on the go by letting us use
company based phones or, where appropriate, personal phones to join the meeting in case of
delayed flights and/or being sick. This will truly let us keep on top of those meetings with a
certain ease. It also has the ability to have private meetings going on at the same time as the
general meeting, allowing a smooth decision without stepping on anyone’s toes. It is
available to use from Android phones, iPhones, and even Windows phones. This truly opens the door to
let our staff use a wider variety of phones and get the best deal
possible. With the WebEx Collaboration Cloud offering the connection except for the first and
last mile, which is handled by the chosen ISP, we don’t have to rely on a certain
carrier or provider to ensure a clear crisp connection or uptime. (Kobialka, 2014)
Part 5
Security is a huge concern for our company. This will require us to look at both our
physical and logical security as a whole and how to integrate them together to make a secure and
profitable work environment. Neither physical nor logical security is any less important than the
other. If someone has physical access to a server or computer, then they potentially have the
ability to bypass the logical security to gain access to privileged software and programs. Also,
with great physical security and a lack of logical security, a person can gain access without
setting foot inside a building.
Physical security is an essential part of information technology security. As a
whole, physical security encompasses all parts of the network, from the system hardware to all
the wiring and support devices used to connect the network together. To keep our buildings and
devices secure we are going to be employing a variety of techniques that, when implemented
together will give us a very strong defense from an outside source or a disgruntled employee.
The process we are going to use will require security guards, fencing, cameras, key cards,
biometric readers, building patrols and scramble pads with levels of access maintained by our
security team and network administrators. The security company that we use will be a third party
and not an employee of the company, with access to all non-secure spaces and the perimeter, to
help maintain a non-biased yet essential role for our company. By using a third party we can help
reduce the abuse of power by an individual, manager or employee at our company. These
security personnel will be directly under our security team and CTO (Chief Technical Officer).
They will patrol the common areas and the outside perimeter of the fence, with monitored checks
along the route. They will verify that all exterior doors are secure and that the secure areas are
locked and not left open for any reason. Whilst doing this they will make a report of any and all
defects or destruction that they find along the way.
Cameras will cover all doors that open to the exterior and all
restricted access areas. The cameras will use PoE (Power over Ethernet) so that they are easier
to install and maintain. Also, the cameras will record to secured servers, with access restricted to
only those with clearance, and save data for no less than ninety days. This will ensure that if we
do have an incident it will be recorded and able to be viewed and kept for criminal charges and/or
insurance purposes. The cameras will help make sure that no one is bypassing security or
trying to go through a door without using the biometric reader, scramble pad, or key card entry
designated for that door. If this is seen, security personnel and guards shall investigate immediately.
The scanners will be placed on all doors; each will be different depending on the access level and
nature of the room being accessed. For general areas a key card scanner will be required. The
offices and medium security areas will have scramble pads, with every person having a unique
code for access, and for high security areas like our server room or content development room
we will have biometric scanners to scan fingerprints for verification to get into the room, which will
be used together with the keycard. (Deutsch, 2014)
All printers, fax machines and similar equipment will be secured to prevent an individual
from walking away with the equipment. Printers store information in their memory and, if
accessed, they could reprint documents that contain sensitive material. (Shinder, 2007)
Logical security allows users to access information and systems based on their
role and group inside the company. All resources should be restricted to the users that need
access to the information contained. The logical security measures for the company are robust in their
scope; however, once implemented they will be easy to monitor, add to or change. We will be using
Active Directory to maintain access rights for groups, and firewall protection along with port and
packet filtering, with encryption to keep data sent secure.
We will be using AES encryption for our company. AES is already the standard
used by our government to secure sensitive unclassified information. With AES encryption the
data is encrypted in blocks of 128 bits using cryptographic keys of 128, 192 or 256
bits. Symmetric or secret-key ciphers use the same key for encrypting and
decrypting, so both the sender and the receiver must know and use the same secret key. There are
10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys; a round
consists of several processing steps that include substitution, transposition and mixing of the
input. With that many possible keys, cracking that encryption will not be possible in the foreseeable
future. This was one of the deciding factors in choosing our Cisco security appliance for our
network throughout the different locations. Ensuring that all data is properly secured during
transmission is our greatest priority, and with the Cisco appliance it will be possible. (Dyke,
2001)
Our Cisco firewall offers the protection needed for today's
changing and dangerous network environment. Hackers are always trying to exploit a weakness
in an environment. Often these attacks are extremely malicious and act almost as a smoke
screen, so that the attackers can steal data while a company is busy blocking the attacks and
restoring the network. By using the Cisco firewall at our home and branch offices we will be a
step closer to preventing this from happening. For our company we will be installing the
firewalls after the routers in the home and branch offices. With this approach the router serves
as a first line of defense, which allows the company to set a simple rule set in the router that
blocks all unwanted traffic. To do this we will set the router to allow only inbound traffic that
is HTTPS and VPN. Setting this rule on the router will allow traffic to come through only those
ports and block everything else. This leaves the firewall responsible for granular
filtering and for determining which specific hosts may receive HTTPS and VPN traffic. It will
also allow the firewall to perform advanced analysis for further inspection and blocking of
unwanted traffic. (Chapple, 2009)
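The two-tier filtering described above, modelled as an added example (not part of the original paper and not a Cisco configuration): the router passes only HTTPS and VPN, and the firewall decides which hosts may receive them. The use of IPsec ports for "VPN" and the 192.0.2.x host addresses are assumptions made for illustration.

```python
from ipaddress import ip_address

# Tier 1 (edge router): coarse allowlist by protocol/port only, default deny.
# Assumption: the VPN is IPsec (IKE on UDP 500, NAT-T on UDP 4500, ESP payload).
ROUTER_ALLOW = {("tcp", 443), ("udp", 500), ("udp", 4500), ("esp", None)}

# Tier 2 (firewall): which hosts may receive each service the router passed.
# Addresses are constructed placeholders from the RFC 5737 documentation range.
FIREWALL_HOSTS = {
    "https": {ip_address("192.0.2.10")},  # hypothetical web server
    "vpn": {ip_address("192.0.2.20")},    # hypothetical VPN concentrator
}
SERVICE_OF = {("tcp", 443): "https", ("udp", 500): "vpn",
              ("udp", 4500): "vpn", ("esp", None): "vpn"}


def router_permits(proto, dport):
    """Router rule: pass only HTTPS and VPN, drop everything else."""
    return (proto, dport) in ROUTER_ALLOW


def firewall_permits(proto, dport, dst):
    """Firewall rule: the service must be destined to a host approved for it."""
    service = SERVICE_OF.get((proto, dport))
    return service is not None and ip_address(dst) in FIREWALL_HOSTS[service]


def evaluate(proto, dport, dst):
    """Return (verdict, device that decided) for one inbound packet."""
    if not router_permits(proto, dport):
        return ("drop", "router")
    if not firewall_permits(proto, dport, dst):
        return ("drop", "firewall")
    return ("permit", "firewall")


# Constructed sample inbound packets: (protocol, destination port, destination host).
SAMPLES = [
    ("tcp", 443, "192.0.2.10"),   # HTTPS to the web server
    ("tcp", 443, "192.0.2.20"),   # HTTPS to a host not approved for it
    ("tcp", 22, "192.0.2.10"),    # SSH: never gets past the router
    ("udp", 4500, "192.0.2.20"),  # IPsec NAT-T to the VPN concentrator
    ("esp", None, "192.0.2.10"),  # ESP to a host that is not the VPN endpoint
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(*pkt))
```

The second and fifth samples pass the router's port rule and are stopped only by the firewall's per-host rule, which is the granular filtering the router rule set leaves to the firewall.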
Also, we will be using Active Directory to help control our logical access. By
assigning groups we can limit individual access and give users only the access they need to do
the job they are given. This helps keep users from going beyond the scope of their job
and getting data from another department that they could sell or destroy. This ensures that the
groups will have separate folders and also separate resources in the system. Active Directory is a
very robust system, and it will take time and meetings with the company to determine
the true scope of implementation. By using this we can separate as much as the company as a
whole wants. There are enough resources that we can have administrator and security roles as
needed along with the many different server roles that can be implemented across the company.
(Rouse, 2012)
These are the outlines of our security protocols. They are a start that is fit for our
company and can be elaborated and expounded upon as needed. Also, by following these steps we
can upgrade and keep the company up to date as needed. By using redundant servers we can
truly maintain a very high level of security across the company as a whole and prevent theft or
intrusion from both inside and outside the company.
References:
Qbik New Zealand Limited. (2016). WinGate. Retrieved Jan 16, 2016, from QBIK: http://www.wingate.com/products/wingate-vpn/index.php
Allied Telesis, Inc. (2007). Configure the Firewall VoIP Support Service. Retrieved Jan 30, 2016, from Allied Telesis, Inc.: http://www.alliedtelesis.com/media/fount/how_to_note_alliedware/howto_config_sip_alg.pdf
Andrews, M. (1997, Mar 19). 3.3 Multimedia Protocols. Retrieved Jan 30, 2016, from gweep.net: gweep.net//~rocko/mqp/node9.html
Apple Inc. (2014, Mar 10). Media Player Framework Reference. Retrieved Jan 30, 2016, from iOS Developer Library: https://developer.apple.com/library/ios/documentation/MediaPlayer/Reference/MediaPlayer_Framework/
Bass, J. (2003, Aug 11). Cisco Catalyst 3750 stackable switches. Retrieved Jan 16, 2016, from NetworkWorld: http://www.networkworld.com/article/2335721/lan-wan/cisco-catalyst-3750-stackable-switches.html
Brooks, C. (2016, Jan 04). Best Business Phone Systems 2016. Retrieved Feb 14, 2016, from Business News Daily: http://www.businessnewsdaily.com/6780-best-business-phone-systems.html
Chapple, M. (2009, Feb 01). Should a firewall ever be placed before the router? Retrieved Feb 21, 2016, from TechTarget: http://searchmidmarketsecurity.techtarget.com/tip/Should-a-firewall-ever-be-placed-before-the-router
Cisco. (n.d.). Cisco UCS 5100 Series Blade Server Chassis. Retrieved Jan 16, 2016, from Cisco: http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-5100-series-blade-server-chassis/index.html
Cisco Systems, Inc. (2008). Cisco WebEx. Retrieved Feb 14, 2016, from Cisco: http://www.cisco.com/c/dam/en_us/solutions/industries/docs/gov/wp_whywebex_1009.pdf
Cisco Systems, Inc. (n.d.). Cisco TelePresence Content Server Data Sheet. Retrieved Feb 14, 2016, from Cisco: http://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-content-server/data_sheet_c78-626482.html
Deutsch, W. (2014, Nov 24). How to Secure Your Building and Property. Retrieved Feb 21, 2016, from About.com: http://bizsecurity.about.com/od/physicalsecurity/a/What_is_physical_security.htm
Dyke, J. (2001, Dec 4). Commerce Secretary Announces New Standard for Global Information Security. Retrieved Feb 21, 2016, from NIST: http://www.nist.gov/public_affairs/releases/g01-111.cfm
Hoffman, C. (2015, Mar 10). Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP. Retrieved Jan 30, 2015, from How-to-Geek: http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/
Indiana University. (2015, Aug 25). Indiana University Knowledge Base. Retrieved Jan 24, 2016, from Best practices for computer security: kb.iu.edu/d/akin
Kobialka, D. (2014, May 20). Cisco Unveils WebEx Collaboration Meeting Room Service. Retrieved Feb 14, 2016, from talkincloud.com: http://talkincloud.com/cloud-companies/052014/cisco-gets-personal-unveils-webex-collaboration-meeting-room-service
Peterson, G. (2005, May 12). Principle of Fail-Safe Defaults in Service Oriented Security. Retrieved Jan 24, 2016, from 1 Raindrop: 1raindroptypepad.com/1_raindrop/2005/05/principle_of_fa.html
Rouse, M. (2012, Jul 1). Active Directory domain (AD domain). Retrieved Feb 21, 2016, from TechTarget: http://searchwindowsserver.techtarget.com/definition/Active-Directory-domain-AD-domain
SAVVIUS, INC. (2016). VoIP. Retrieved Jan 30, 2016, from SAVVIUS Formerly WildPackets: http://www.wildpackets.com/resources/compendium/voip
Shinder, D. (2007, Jul 16). 10 physical security measures every organization should take. Retrieved Feb 21, 2016, from TechRepublic: http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/
Snyder, J. (2011, Dec 19). Cisco UCS review. Retrieved Jan 16, 2016, from TechWorld: http://www.techworld.com/review/hardware/cisco-ucs-review-3326087/
Stephenson, P. (2015, Sep 01). Pulse Secure PulseWorkspace. Retrieved Jan 16, 2016, from SC Magazine: http://www.scmagazine.com/pulse-secure-pulseworkspace/review/4424/
Tech, C. (2015, Oct 23). Acer Aspire ATC-705-UR58 Review. Retrieved Jan 16, 2016, from Chad Technology: http://chadtechnology.com/acer-aspire-atc-705-ur58-review/