Mr. Smiths Law Firm System Analysis and Security - Assignment Example

Mr. Smith’s law firm System analysis and security Introduction A company network is a crucial component of any organization. It provides an avenue where different resources and information can be shared between different departments within and outside the organization. Therefore, it is very critical that the network be designed and implemented in the most effective manner so that resources can be shared optimally. This paper seeks to discuss the best test program for video conferencing among remote office locations, the naming structure for Mr. Smith’s network and network security in each of the departments. In addition, it describes the functions of different devices in the network and the needs of main departments in network design. 1. Prototyping Program testing is the process of revealing defects in software and establishing the degree of quality assured by the software using certain attributes. Prototyping is important before implementation of the whole software so as not to compromise the system with a defective product, or compromise the system security (Shelly& Rosenblatt, 2011). Prototyping is the process the IT team comes with the early version of the information system, which is called the prototype. Prototyping involves repetitive series of analysis, design, modeling and testing of the law firm’s network. Mr. Smith is the test manager for the law firm on the suitability of the video conference application, and he is charged with the responsibility of customizing the program to meet the law firm’s needs. System prototyping Since this is a purchased program that has being tested on various fronts by the manufacturer, system prototyping would be appropriate as it avoids redundancy in retesting units already tested by the manufacturer and focuses on how it can be customized to suit the organization. System prototyping has several phases, namely: The RAD approach would suit the firm as the technical team is able to apply it to develop a model for their system. The approach is utilized in the analysis, design, and test of the software. The user requirements can be assessed by design prototyping. Design prototyping ensures that the end product model is user approved and incorporates the documents and benchmarks that define the finished system.This kind of designing captures user input and approval while continuing with system development. On the other hand, throwaway prototyping would be more appropriate if the system had an organized system unlike the case for the law firm servers for the different departments are spread out but having a centralized database (Myers, Sandler & Badgett, 2011). In the analysis phase, the software has to be tested. Software testing is important in configuring it to the organizations requirements. The tests performed are: Usability testing: the test is carried out using a real world environment where a section of law firm is used to test its usability. This includes ease of use, configurations, and interface. Security testing: the software has to be tested that it does not comprise the firm’s security set up. The linkup codes are analyzed and research from independent users on their experience with the software is considered. Acceptance testing: the initial requirements of the organization are weighed against the user needs and feedback from the users on the feel of the new software. Installation testing: does the software generate errors in installation or is it compatible with other programs in the system since the program must be installed by the each user in the company. Why system prototyping? System prototyping is selected in this case as the user needs are know; the video conferencing model is not complex as the software has already been developed; the nature of video conferencing is unreliable; the law firm requires the application working within the shortest time possible and it’s also easy to schedule visibly. The other options would have been the throwaway prototyping but it works well with a more organized system unlike that of the law firm and the extreme prototyping model has similar weaknesses (Shelly &Rosenblatt, 2011). Parallel prototyping would mean enforcing the pilot to run parallel to an existing system but the organization does not have a running video conferencing tool, which would mean putting the software up without testing it (Dennis &Wixom, 2008). The V-model is poor with unreliable systems, while the waterfall model would not provide schedule visibility, important in implementing a multimedia tool. 2. Network structure naming Mr. Smith is in charge of the network and coming up with logical and an appropriate name for the systems components is part of that responsibility. A structured naming rule would be most appropriate for a large organization like Mr. Smith’s. The naming can be done all at once on by attrition, where the computers are named progressively while maintaining the old convention until all the network components have been named. For desirable and effective naming, the following nomenclature is observed (Dumoulin, 2006): Parsability: the phrase used to name the component, should convey its meaning such that any person using it can infer meaning from reading the component’s name. Parsability also helps in categorization as the structure can be used to automate and program the computers. Number sets to define an information component: before implementation, each component possible values should be identified and combinations of these values identified in the event new components are introduced into the system. This ensures the network is not overhauled every time a new information component is introduced. Consistency in numbering characters: all computers names should have same name length, to ensure programming is easy. In the event that establishing consistency in length is not possible, the variable components should be placed on the extreme right positions so that the prefix remains the same for easy search as the component will retain the element of predictability (Redmond, 2008). Permanency in information component: this means that the components to use in the naming rule must strike balance between probable usefulness to users and the overhead brought about by the degree of permanence. Logical and intuitive: the utilization of drill down approach in geographical naming, consistency in the number of characters used, recycling present information, data that describes the computer and the employee. Mr. Smith can adopt the following Division (D) – City (C) – Floor (F) - Portability (P, i.e. laptop or desktop) - Operating Environment (O, i.e. test, development or production) - Numbering Scheme (NS, i.e. the computer number in the department) Examples 1. HRCHI32PCDEV20 2. RCCHI 36PCTES50 The same will be applied for printers in the various departments and the difference will be on portability and introduction of printer type column (DeskJet, LaserJet, etc). The firm has servers for each of the departments, meaning that they only have three servers. For servers, the technical aspect is all that is considered in its naming as the administrator is the one to determine. A good naming convention would follow the design below. Geographical-location_Network-Device| Division_Network-device Functional naming is also applicable when monitoring is required. This ensures that troubleshooting a particular issue is made easy (Redmond, 2008). For the law firm, the networks that function for each of floors can be named as follows: HR and Accounting: server 32 Research, IT, and Corporate Administration departments: server: server 33 Partners: server 35 Reception &conference hall: server 36 3. Network Security When computers are networked as in the case of Mr. Smith’s law firm, security problems are bound to occur. The network is either local area network or wide area network. The speeds are improved but the connections are made to one medium. The data centre in which every department is linked to is an example of such a connection (Ciampa, 2011). The vulnerability of a network system is in its implementation, design or in its policy in general. The security of a network can be compromised by attacks. Network attacks are attempts to damage, sabotage, or steal the property, be it real or intellectual, in order to gain information and/or competitive advantage. Communication over WAN is done on TCP/IP protocol which has become the de jure standard for communication. However, this is far from the truth. TCP uses ports that pass information to higher-level layers. The mechanism enables TCP/IP multiplex communication between routes to the end stations. This port numbers keep track of different information send or being received, creating the greatest weakness of the system as attackers targets this weakness. In addition, physical insecurity can lead to some of these weaknesses brought about system access, namely: Snooping: this is in the form an attacker who has access to the system and looks for interesting information. This can be in the form of hard copy material or electronic from individual computer access or through hacking information on the TCP/IP s IP address spoofing: in this kind of threat, the attacker replaces the IP address of a sender or some scenarios though rare are the destinations with different address. This can be used in denial of service to the satellite offices that are to be launched by the law firm. When a Denial of service (DoS) is launched against a host, attacker is normally not concerned with retrieving information but to deny the user access to the server, compromising their activities Covert channels: this is a communication channel between two entities; it can be between the firm’s database and one of the departments or between two departments, which can be exploited by a particular application or process that transfers information in a procedure that violates the system’s security settings. IP fragment attacks: IP allows the fragmentation of packets. IP fragmentation offset is utilized in keeping check of the various datagrams. The information or content in this objects are used in the target to rebuild the datagram. Access routers and firewalls do not perform data reassembly. IP fragmentation offset is identical and does not overlap but attackers can artificial fragmentation packets to misdirect the routers or firewall (Laet& Schauwers, 2005). Connection hijack: TCP connections are easily hijacked by unauthorized users, as their transfer protocol is too flexible to manipulate. Network optimization Buffer overflows protection: Buffer overflows are not rare in data storage and management. Once the temporary data storage area has been filled, the process always strives to store more data in the buffer than it was originally intended. This information the attacker can get through a poorly coded program that can retrieve this data and store it in a separate storage area away from the host. Protection can be done by rewriting the code or making the buffer memory storage space non-executable (Laet & Schauwers, 2005). Firewall: this can be a standard or web application, depending on Mr. Smith’s firm’s risk. The standard firewall filters all traffic at extensive level from source addresses to packets. However, a web application firewall checks packets that carry HTTP traffic on the application layer of the ISO. Spam filters: these can work on both the SMTP and POP3 protocol to ensure that data packets transmitted are safe from manipulation by malware attachments. The law firm can install its own filter, that commercially available and are used to protect corporate databases from such threats. Network devices to be used: To achieve the required functionality in the network, various devices will be used. Below is the list of device with the functionality to be achieved by each: 1. Gateway: This device acts as the local area network to the internet. It acts as the link between the local area network and the network and offers security to the local area network by preventing malicious intrusion from the internet. The gateway device also allows communication between the local network and the internet (Sosinsky, 2009). 2. Routers: A router acts as a packet forwarding device with more than one interface. It takes packets / data received on one interface and forwards it to another part of the network, through a different interface based on the destination network. In addition to packet forward, routers are also used to subdivide a network by configuring the different interfaces with different subnet addresses. In their routing functions, routers also play the role of error handling and congestion control by determining the best path to be followed by packets to avoid cases of congestion within the nework (Cardwell, 2007). 3. Switches and hubs: The main function of switches is to connect multiple devices such as computers, hubs and other switches within the network. Unlike hubs, switches provide a scenario with numerous collision domains whereby each port is independent of the other thus making data transmission faster (Ogletree, 2008). On the other hand, devices connected to a hub share a single address and therefore the network speed decreases as the number of connected devices increases thus making them unsuitable in networks. 4. Network cables: these act as the transmission media between different devices within a network. There are various types of cables, which are used for connecting different network devices. These include CAT 5 and CAT6 unshielded, twisted pair cables, coaxial cables and shielded twisted pair cables. 5. Wireless access points: Wireless access points allow wireless enabled devices to connect to an available wireless network. This provides a less costly and more efficient way of sharing network resources since it removes the need for running cables within the building. 6. Network interface cards: These are the connection points between a computer and a network cable. They are connected to the PCI slots of a computer. 5. Network design For a successful network to be established, the designing process must involve all the divisions of the organization, especially the top executives. The designed network must satisfy the demands of the organization, be reliable and secure, and be cost efficient. The top down approach would be appropriate for Mr. Smith’s firm, as it would fit the information needs of the organization. The need for planning for each department, designing, modeling, and information gathering is integral incoming up with the organization’s blueprint. The firm’s resources are known with computers, printers and network devices given. Networks must the drawn I charts and diagrams of the devices that are interconnected and the regulation/ control process (Laet & Schauwers, 2005). Requirements and constraints have to be analyzed in designing a network. The requirements incorporate the old system requirements and the new ones. In the law firm’s case, the latency problem that affects the accounting and human resource departments is part of the old system requirements. However, this could as well fit into the current network constraints. The constraints are hindrances that the firm faces in achieving the ideal network. These can be political, social, technical or economic (Oppenheimer, 2004). Technical constraints always impact the technical development of the network. The firm has 275 computers, printers and one centralized server. The technical constraint that causes latency in the transmission is either low bandwidth or slow speeds. This can be boosted by increasing the amount of servers to serve the departments or improve the supercomputer used in the server room. Device configurations can also address the constraint. Social and political can be handle while economic constraints will dictate upon what system the firm can afford. Scalability is an integral aspect of network design. It involves provisioning for growth while prioritizing the main aspects of the organization. The expansion in terms of end users of the firm is most likely to be in the key departments of the firm, and capacity must be build therein. Moreover, network system development model follow the organizational model. CISCO develops network models for its clients following their organizational structure. Key departments in a firm are the most staffed and have subdivision within them. This means that for a network to successfully address the organization’s needs, key departments needs must be addressed, highlighting their significance in network design and proportionately affect how the network is build (Oppenheimer, 2004). References Cardwell, K. (2007). The best damn cybercrime and digital forensics book period. Rockland, Mass.: Syngress. Dennis Alan & Wixom Barbara Haley. (2008). System analysis and design. John Wiley & Sons. Ciampa, Mark. (2011). Security+ guide to network security fundamentals. Cengage Learning. Laet, G. D., & Schauwers, G. (2005). Network security fundamentals. Indianapolis, Ind.: Cisco. Myers, G. J., & Badgett, T. (2011). The art of software testing (3. ed.). Hoboken, NJ: Wiley. Ogletree, T. W. (2008). Upgrading and repairing networks(3rd ed. ). Indianapolis. Ind.: Que Pub. Oppenheimer, P. (2011). Top-down network design (3rd ed.). Indianapolis, Ind: Cisco. Pierre Dumoulin. (2006). Determining a Good Naming Convention for Your Network. Retrieved on 24 May 2012 from http://www.techrepublic.com/article/determining-a-good-naming-convention-for-your-network/6132500 Redmond, T. (2008). Microsoft Exchange server 2007 with SP1 Tony Redmonds guide Shelly Gary B. &. Rosenblatt Harry J. (2011). Systems Analysis and Design. Cengage Learning. to successful implementation. Burlington, MA: Elsevier/Digital Press. Sosinsky, B.A. (2009). Networking Bible. Indianapolis, IN: Wiley Read More