Part 1

An outline of a security plan that discusses the areas that the school will need to address, and recommendations for policy, staffing, and hardware/software to implement it.





McVey Intermediate School District
Memorandum

To: Mr. Michael McVey, CEO
From: GYG Consulting
Date: March 15, 2012
Subject: IT Security Solutions



We welcome the opportunity to discuss an upgrade in network administrative systems for your new school. The following outlines five key items that will offer the highest level of network security, thus ensuring confidentiality, integrity, and availability.

  1. The server structure will be bid-based and will be finalized once the school population is determined. A core component of the vendor bid will be virtual machines with hot-swappable redundant array of independent disks (RAID) and fail-over clustering to ensure 99.999% availability. Equipment will be located in an environmentally controlled room with access based on multifactor authentication and camera monitoring, providing a multilayered approach to security.

  2. Faculty and teachers will be using laptops and/or tablets. Device security may be provided by LoJack, which will work with law enforcement in case of theft. To retain confidentiality, the devices will have a Trusted Platform Module (TPM), with full disk encryption using the Data Encryption Standard (DES) on all devices. Further, authenticity will be maintained with biometrics (thumbprint or fingerprint).

  3. Wi-Fi offers mobility and scalability, and security is a concern here as well. We propose that the wireless access point (WAP) be linked to a fiber link in the classroom. Authentication, authorization, and accounting (AAA) will be provided by a Remote Authentication Dial-In User Service (RADIUS) server with IEEE 802.1i infrastructure. Confidentiality will be provided through AES-Counter Mode CBC-MAC Protocol. Our Wi-Fi proposal is to implement IEEE 802.11n, thus providing the needed performance and allowing for scalability.

  4. All wireless network communications will be provided through VLANs, with the infrastructure design to be finalized once the current and proposed growth for classroom size is determined. Inter-VLAN communication will be provided by Layer 3 switches, which will be purchased based on vendor bid.

  5. Network security will be provided by FortiGate, an all-in-one security appliance with a built-in intrusion protection system (IPS), data loss prevention (DLP), and IPv6 support. FortiGate also offers virtual private network (VPN) support as well as antivirus and anti-malware support.

In conclusion,