Here's a list of key points that are covered in this scenario:
- IP Scheme
- Workstation Security
- Turning off unnecessary services
- Internet access policies
- Anti-Virus considerations
- Intrusion Detection / Prevention
- Man-in-the-middle prevention using ARPwatch
- Firewall Settings
- The DMZ
- Why do you need this security?
To set things up, this is a basic scenario that could happen to anyone. I'll be using the fake name of "InterPath."
On April 11th, 2008, InterPath Financial Institution (IFI) was broken into by hackers. They broke into our main headquarters, where we maintain all of our customers' personal information. We are unsure of what they took or changed, or whether they still have access to our computer systems. We have informed all of our customers whose data was stored at the main headquarters. We have about 25,000 customers, 15,000 of whom have data stored at our main headquarters. This is unacceptable, and we don't know the damage that's been done.
The company, InterPath, has three locations. The headquarters, a call center, and a marketing center. The network's infrastructure is going to be entirely redesigned to include a nice way to transparently monitor everything that goes on. I've come up with a network diagram for each.
- Main Headquarters, Las Vegas, NV
- Customer Service Call Center, Mesa, AZ
- Marketing Center, Phoenix, AZ
All three locations are connected through a high-bandwidth internet connection using IPSec over Layer 2 Tunneling Protocol (L2TP).
To read my entire solution to this problem, which goes into much more detail, there is a PDF file attached below. Please feel free to read it and give me any feedback.