Integrated Distributors Incorporated is facing a lot of challenges. The IT infrastructure has a lot of outdated hardware and software in multiple locations. This greatly increases security risks and puts confidentiality, integrity, and availability at risk. Some network compromises have ensued due to the outdated hardware and software. Sensitive and strategic information has been leaked to the public, and it is time we put an end to this. End users are the number one security risk and must be dealt with first. In order to accomplish this goal, the company will need to replace the old, outdated systems with new, up-to-date systems. Dell is the optimal vendor for these systems, as its workstations come with a full support system. All networking components will need to be upgraded next, as the current system is not very secure or reliable. I suggest going with a full Cisco infrastructure and maintaining physical security by putting all of the switches in racks.
Upgrading the infrastructure to a unified Cisco presence will also scale into phone systems with VoIP options. It will allow a unified presence with instant messaging and online meetings as well. A Cisco VPN will also be installed for remote access control. The entirety of the network will have to be protected with Barracuda firewalls, as the threat of intrusion is rather high judging by the frequency of the preceding attacks. The company will need to do a cost management analysis of this; however, from my understanding, with the increased efficiency we will be looking to come out on top after a three-year return on investment on this purchase. I fully recommend we look at putting a honeypot somewhere in the DMZ so we can monitor how hackers attempt to gain access and thwart their efforts in the future. At the Warsaw, Poland location, we must find a new proxy server to replace the IBM Infinity hardened server.
The decentralization of all file servers and application servers will need to halt. Virtualization will need to be implemented over the first year to gain stability over the market with our products. I propose we rent space from Rackspace in two separate locations to gain redundancy and minimize our latency in the event that customers attempt to connect from a different location. Rackspace has extremely tight security, and without authorization, access is not granted. The locations for Rackspace will be Dallas and Chicago, as they are far apart and both locations are not as susceptible to the elements as other locations. Virtual hosting solutions will be set up in both locations, and a full 100 Mbps MPLS circuit will be needed for replication purposes. The bulk of the hosting will be done from Dallas, and most of the backup servers and replication hosts will be in Chicago in case of a power outage within Dallas.
An intrusion detection system will need to be set up to find intruders and alert IT staff to lock down the network. In order to prevent intruders from getting in, we will need to have an intrusion prevention system as well. The intrusion detection system will be set up to send e-mail messages to each network engineer. I also propose removing Mareck from the Information Technology department and finding him a more suitable position, as he is not fit for the position he is currently holding. All software that is currently being used will need to be researched, and replacements will need to be found. We must find another software vendor to replace Oracle Financials for accounting and financial systems, Logisuite 4.2.2, and RouteSim.
All patching for computers and servers will need to be done manually and never automatically. All automatic updates will need to be turned off, as they can potentially cause an outage. The information technology team will determine when patching will take place and send an e-mail stating when it needs to be done. In conclusion, IDI has a lot to do in order to secure its data. Doing this in a cost-effective and efficient manner is very difficult; however, the payoff is far greater.