For this question I would have to go with the WLAN star topology. The main reason for using a WLAN is for your wireless users to be able to connect to the network via an access point. Another reason for using a WLAN is that the PCs connected via CAT 5 can still connect to the network. Security is a big issue for your company, so for that purpose you would use WPA, IDS/IPS, proxy servers, and packet-filtering firewalls that are locked in a room like we have at Amazon: a secure badge-and-PIN combination room called the MDF room, which is always kept cool with two cooling systems in there and has access limited to IT personnel only.
With the following security measures and the knowledge I have obtained up to this point in these current and previous classes and from working for Amazon, this would be a great way to have a fully secured network. With WPA, it will provide strong data protection that will allow only authorized users to be able to access the wireless network. Like in the Visio diagram, the IDS/IPS will both enable the network to find anyone that tries to log into the network and allow it to quarantine any hackers; at Amazon we have the software Tanium to cover that. Having the firewalls and packet filters will examine the packets that are attempting to go in and out. Blocking the outgoing packets will stop anything that could potentially create harm or shut down the entire node/network.
Blocking certain IP addresses will allow you to keep out any bad ports when configuring the firewall. By using a proxy server, which I have next in the diagram instead of just the employees' desks, it will improve the network altogether in catching any files, just by the configuration of the server. The IT department will just have to have restrictions on who can log in and what access each person will have in the company.
Use your favorite search engine (e.g., Google, Bing, Yahoo) and research the topic Remote Desktop. I am familiar with the term Remote Desktop; at Amazon.com in the IT department we have software that is installed on every desktop and laptop that is connected to our secured network. The software on each terminal is Tanium Quarantine; this software will notify us if anyone's computer is out of standard compliance with the network, and we get an auto-cut ticket each week to go around and check the spreadsheet that houses the computers on our network that fall out of compliance.
There are 10 levels that they can fall under, from 1. Fully Patched to 9. Isolated; if they are at 10, they are under the Unknown Error, which occurs in the event that the machine was unable to properly report its status. This is likely a transient error, but certain machines may simply fail on this consistently. This error is commonly reported on newly imaged machines if they have not yet received all the dependencies needed to do patch status evaluation from Tanium, and it will self-remediate.
What I would then do is locate the person that is not fully patched and run several updates, such as Windows Update, bring up cmd.exe and run a few commands to remove them from the list, and also run the repair in Configuration Manager under Components, which will repair the SCCM client. You can also run regedit and gpupdate /force. When you are not able to locate the terminal, or if you are running some major updates, this is where the remote command comes into play. I would then remote into the terminal with the Asset Tag that is associated with the computer, and if the laptop/computer is on and connected to the network I will be able to remote in as if I were right there logging in.
I would log in with my Admin account and run all the necessary updates that are needed to remove the computer from the Tanium list. This is also a great thing to be familiar with: when someone calls me on the walkie-talkie and says they are experiencing an issue, I can either remote in using Remote Desktop, or we have another software, TightVNC, that they won't get logged off from, and this kind of remote access has been a HUGE help for me being the only one in this building working nights. If I run into an issue I can IM my fellow colleague and they can remote into the computer I am trying to fix, show me how to do it, and show me the few steps I skipped.
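The remote remediation pass described above (check what is missing, run gpupdate /force, repair the SCCM client), as an added PowerShell example that is not from the original post and not Amazon's or Tanium's own tooling: it assumes the asset tag resolves as the machine's hostname, that WinRM is enabled for Invoke-Command, and that the Configuration Manager client sits in the default %WINDIR%\CCM folder (the -AssetTag parameter and the WS-EXAMPLE-01 name are constructed for illustration).

```powershell
# Added example: check a workstation's patch state remotely and run the
# remediation steps the post lists (Windows Update scan, gpupdate /force,
# optional SCCM client repair). Assumes the asset tag is the hostname on
# the network and that WinRM (Invoke-Command) is allowed to that host.
function Invoke-PatchRemediation {
    param(
        [Parameter(Mandatory)] [string] $AssetTag,
        [switch] $RepairSccm
    )
    # Only touch machines that are actually on and reachable, as the post notes.
    if (-not (Test-Connection -ComputerName $AssetTag -Count 1 -Quiet)) {
        return [pscustomobject]@{ Asset = $AssetTag; Reachable = $false }
    }

    Invoke-Command -ComputerName $AssetTag -ArgumentList $RepairSccm.IsPresent -ScriptBlock {
        param([bool] $DoRepair)

        # Ask the Windows Update Agent which software updates are still missing.
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        $result   = $searcher.Search("IsInstalled=0 and Type='Software'")
        $missing  = @($result.Updates | ForEach-Object { $_.Title })

        # Refresh group policy so any patch/compliance GPO is applied now.
        $gp = & gpupdate.exe /force 2>&1

        # Optional: repair the Configuration Manager client. ccmrepair.exe under
        # %WINDIR%\CCM is the default install path; treat it as an assumption.
        $repair = 'skipped'
        $ccm = Join-Path $env:WINDIR 'CCM\ccmrepair.exe'
        if ($DoRepair -and (Test-Path $ccm)) {
            Start-Process -FilePath $ccm -Wait
            $repair = 'started'
        }

        [pscustomobject]@{
            Asset          = $env:COMPUTERNAME
            Reachable      = $true
            MissingUpdates = $missing.Count
            Titles         = $missing
            GpUpdateOutput = ($gp -join ' ')
            SccmRepair     = $repair
        }
    }
}

# Constructed asset tag for illustration; a machine reporting MissingUpdates
# of 0 is the kind that should drop off the weekly compliance spreadsheet.
Invoke-PatchRemediation -AssetTag 'WS-EXAMPLE-01' -RepairSccm | Format-List
```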