This task is about calculation. Here I was told to calculate the TCO of the online retail system. I was also told to calculate the annual loss expectancy of the system and to give my own verdict on introducing a part-time security administrator.
The probable cost of 5 years and turnover
8 Web Servers = $15000 × 8 = $120000
2 Database Servers = $25000 × 2 = $50000
Maintenance cost of Web Servers = $1500 × 5 = $7500
Maintenance cost of Database Servers = $2500 × 5 = $12500
5 year salary of Web Admin ($40,000 each) = $80000 × 5 = $400000
5 year salary of Infrastructure Admin = $40000 × 5 = $200000
Annual Turnover = $46 million
Estimated cost of system breach = 0.2% of TCO
Total Cost of Ownership
The eight web servers cost $120000 in total, at $15000 each. The two database servers total $50000. The maintenance costs of the web servers and database servers are $7500 and $12500 respectively for five years. The five-year salaries of the web admins and the infrastructure admin are $400000 and $200000. Adding all the amounts, the TCO stands at $790000 for five years.
Annual Loss Expectancy
ALE = SLE × ARO
Before I came here, security had been breached three times. The attacks were quite similar each time security was breached. The first one took eight hours, which cost $600, and the other two lasted one hour each, which cost $400 each. These total $1400. After an acquisition I came to know the system bogs down another eight hours in a month. So the SLE (Single Loss Expectancy) is four, which costs $2000.
In the record of the company's history, the SLE occurs 5 times a year, so the total cost stands at $2000 × 5 = $10000. So the ALE (Annualized Loss Expectancy) is $10000 with an ARO (Annualized Rate of Occurrence) of 5. So in 5 years it totals:
5 × $10000 = $50000
In total the breach incurs $50000 + $158000 (0.2% of TCO) = $208000 in 5 years, which is $41600 per year.
Suggestion
Any online retail company would want to reduce breaches of its system in order to keep customers' attention and the company's goodwill. Prevention is better than cure, and the same holds here. If the company employs a part-time web administrator with an annual salary of $40000, it will be able to minimize the breach cost by 80%, which is $166400 in five years. The breach cost will fall to $41600, on average $8320 per year.
When security is strengthened, the annual turnover increases too. By some calculation it is estimated that annual turnover may increase by 7%, which means $49.2 million annually.
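The ALE = SLE × ARO relation applied to the control decision above, as an added example that is not part of the original report. It uses only the report's ALE inputs (SLE $2000, ARO 5, an 80% reduction, a $40000 annual salary) and leaves out the TCO-based breach cost and the turnover estimate; the `Control` class and the `break_even_aro` figure are introduced here for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: int       # yearly cost of the control, in dollars
    mitigation_pct: int    # share of the expected loss it removes, 0-100


def ale(sle: int, aro: int) -> int:
    """ALE = SLE x ARO (loss per incident times incidents per year)."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def evaluate(control: Control, sle: int, aro: int, years: int = 5) -> dict:
    """Compare the expected loss with and without the control."""
    if not 0 <= control.mitigation_pct <= 100:
        raise ValueError("mitigation_pct must be between 0 and 100")
    before = ale(sle, aro)
    saving = before * control.mitigation_pct / 100
    net = saving - control.annual_cost
    per_incident_saving = sle * control.mitigation_pct / 100
    return {
        "ale_before": before,
        "ale_after": before - saving,
        "annual_net_benefit": net,            # negative: control costs more than it saves
        "net_benefit_over_period": net * years,
        # Incidents per year at which the saving equals the control's cost.
        "break_even_aro": (control.annual_cost / per_incident_saving
                           if per_incident_saving else float("inf")),
    }


if __name__ == "__main__":
    # Figures taken from the report; the class and field names are hypothetical.
    admin = Control("part-time security administrator", 40000, 80)
    for key, value in evaluate(admin, sle=2000, aro=5).items():
        print(f"{key:>24}: {value:,.0f}")
```

On the ALE figure alone the salary exceeds the avoided loss, so the case for the hire rests on the other costs and benefits the report counts.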
Summary
The task has been successfully done. The calculation of TCO and ALE helped me understand the effect of security attacks on the system. I have followed up with a suggestion to employ a security administrator.
Task 2
Introduction
This task is on setting up an architecture in the form of a diagram. I have been asked to provide a basic network for the company which would be ideal for them. Moreover, the task requires a proper explanation and justification of the components that I would include in the drawings.
Fig.1 Basic Network architecture
Here on this diagram, I have designed a secure network layout. The system has:
100 PCs
3 hubs
2 database servers and 3 web servers
3 switches
2 routers in and between 2 firewalls
Purpose
The purpose of network architecture is to provide assistance and guidance to implement a high-quality network. This is the basis on which the devices will be organized and installed in proper order.
Components of Network Architecture
There are 100 workstations in the network, attached to hubs which are connected to a switch. That switch is connected to 10 internal application and print servers. The router is plugged into a firewall. After that, there is the secure DMZ zone, which is the web servers connected to a switch. After that there is a firewall for double protection. Then the network is channeled to the cloud portion through another router.
Topology
The star topology drawn in the diagram connects the computers through a wire or cable. The star topology employs a central connection point, such as a router, hub, or switch. The computers on the network radiate out from this point. The job of the central point is to switch (relay) the users' data between user machines and perhaps other central connection points. On the diagram the hub is connected to a switch, which centrally monitors the workstations.
Justification
The two firewalls were installed on either side of the web servers to make that area a DMZ and to ensure connection to the Internet. A demilitarized zone protects the web technology against inconsistency arising from any outbreak of attack or breakdown.
The result is a simple and sustainable network model, an enabler for an adaptive enterprise that can help keep a secure network functional. There is a good chance of the organization accelerating its business with proper security. This will result in creating good relations with partners and suppliers easily.
Summary
This task was successfully completed. Everything explained and sketched was nicely organized. The task was about ideal network architecture drawings. It also included the justification for putting components and devices on the network, which was properly mentioned. It was indeed a good and effective one.
Task 3
Introduction
In this task I have been told to footprint an online retailer (without using any illegal tools) and write up a report on how I did it; this would also include the information I found and how I would use that information.
Date: 15th July, 2010
To: Mark Steven
From: A R Roman
Subject: Searching for a footprint
Executive Summary
Any business operating online has a website. These websites are hosted on servers on the Internet. So it is fairly easy to get information about the site in little time. Footprinting is just one way of doing so. It can provide me with information including the technologies that are being used, such as Internet, Intranet, Remote Access and the Extranet.
Footprinting an organization
The process of creating a blueprint or map of an organization's network and systems by gathering information is known as footprinting. Footprinting begins by determining the target system, application, or physical location of the target. [1]
There are many steps that a hacker can perform to get a good picture of an organization's layout. They include:
Domain name lookup
Whois
Nslookup
Sam Spade
I have used the 'Whois' tool to obtain information about the website ebay.com. The 'whois' query has provided me with IP address ranges that are associated with the eBay web server. The 'Whois' query has also provided the administrative contact, billing contact, and address of the target network. With the located IP address I have established a connection to gain some critical information which, in my sense, is illegal.
It has been a fruitful discovery of actions.
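Because a WHOIS record discloses administrative and billing contacts, an organization can check what its own record gives away. The following is an added example, not part of the original report: it parses a constructed WHOIS response for a placeholder domain and lists contact fields that are neither redacted nor role mailboxes. The role-mailbox list is an assumption chosen for illustration.

```python
import re

# Constructed WHOIS response for a placeholder domain (not real registry data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-RETAIL.TEST
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: j.smith@example-retail.test
Admin Name: Jane Smith
Admin Phone: +1.5555550100
Admin Email: hostmaster@example-retail.test
Tech Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE-RETAIL.TEST
"""

# Contact fields that can identify a named person.
CONTACT_FIELD = re.compile(r"^(Registrant|Admin|Tech|Billing) (Name|Email|Phone|Street)$")
# Shared role mailboxes are treated as acceptable (assumed list).
ROLE_MAILBOX = re.compile(r"^(hostmaster|postmaster|abuse|noc|domains)@", re.I)


def parse_whois(text: str) -> list[tuple[str, str]]:
    """Split 'Key: value' lines into pairs, skipping blank or valueless lines."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            records.append((key.strip(), value.strip()))
    return records


def exposed_contacts(text: str) -> list[tuple[str, str]]:
    """Return contact fields that disclose personal details."""
    findings = []
    for key, value in parse_whois(text):
        if not CONTACT_FIELD.match(key):
            continue                      # not a contact field
        if "redacted" in value.lower():
            continue                      # already privacy-protected
        if key.endswith("Email") and ROLE_MAILBOX.match(value):
            continue                      # role mailbox, not a person
        findings.append((key, value))
    return findings


if __name__ == "__main__":
    for field, value in exposed_contacts(SAMPLE_WHOIS):
        print(f"exposed: {field} = {value}")
```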
References:
http://www.dnsstuff.com/tools/whois/?tool_id=66&token=&toolhandler_redirect=0&ip=www.aol.com
http://www.sans.org/reading_room/whitepapers/hackers/fundamentals-computer-hacking_956
http://www.informit.com/articles/article.aspx?p=25916