MAB LAW FIRM
NETWORK MERGER PROJECT

Executive Summary

Inherent Challenges in merging two networks
It is important when integrating multiple networking systems to do a thorough investigation of all systems and use prudence when implementing any strategy so that possible problems can be dealt with as efficiently as possible thereby limiting costs of the actual project itself and loss of revenue due to network downtime.
There are some differences in equipment which needs to be dealt with since each firm is using different types of network operating systems, servers, case management systems, and how users connect to the network. Currently both firms have separate security policies and these will need to be reviewed, revised and merged to meet the criteria of the new merged network system.
One of the biggest challenges will be the case management systems as Bellview Law Group is using a legacy application while Myrtle and Associates is utilizing a more current web-based system. A migration plan will need to be developed to bring the legacy system over to the web-based system. While this migration is taking place both systems will need to run in parallel so that the data will be accessible.
Training will be another issue that needs to be addressed since the staff from Bellview Law Group currently access data only from desktop PCs. they will need to be trained not only on the new web-based case management system but also on the new hardware as well.
Finally the actual integration itself will be quite challenging. Timing can be an issue and we’ll want to have the least amount of impact on users and ultimately on the business. Since Bellview Law Group is running the older legacy systems the recommendation would be to move the servers over to Myrtle and Associates system and install Terminal Server access for the Bellview Law Group offices. Access to the servers would be accomplished through leased T1 lines. This can be done quickly and with little downtime. Then a parallel system would be set up to run while the legacy case management system is migrated to the newer web-based system. This migration may take a few months but by running a parallel system there will be no down time to the business. Security Plan

MAB Law Firm Network
A security plan is important as it provides the framework for keeping the organization at the desired level of security. This is done by assessing the risk that the organization is faced with and implementing a plan on how those risks will be mitigated. This also includes how the security plan and policies are kept up to date.
The security plan not only covers the actual physical assets but the organization’s data as well. This includes system integrity, confidentiality, and availability.

Section 1 – Physical Security
A network cannot be secure until it is physically secure. Physically security falls into two realms, network servers and user equipment like PCs, laptops, and smartphones. Physically security doesn’t mean just keeping equipment locked up; it also means protecting it from unauthorized access.
Network Servers - Servers will be locked up in the IT Room and access will be limited to authorized personnel. Other network equipment included in the IT room includes the firewall, switches, routers, and telephone equipment. All server equipment will be password protected as well.
PCs, Laptops and Smartphones – All user equipment will have passwords. Users will be required to use strong passwords and change them at designated times as detailed in organizational policy. To prevent unauthorized access user accounts will be set up with stringent permissions based on access needs.
Wireless Network and Access Points – To prevent unauthorized access the highest level of encryption will be enabled. SSID will have a unique name and broadcasting will be disabled. Section 2 – Potential Threats and Recommended Security Measures
Hardware failures - This could be a something like a hard drive crashing or a file server locking up or something more widespread like a power outage.
Redundancy is crucial in this area and a simple, easy security measure to implement. Installing backup power supplies will protect the system when there is a power outage. Ensuring that data backups are performed as scheduled and are regularly tested is another critical measure to have in place. Finally deploying redundant hardware to provide fault tolerance and taking advantage of other technologies to spread data across multiple drives will help maintain system integrity in the event of a hardware failure.
Viruses/Malware – This is defined as any program or code that is created to something to a system that you don’t want it to, usually something harmful. It can come in many formats such as a virus, adware, spyware, macro, etc. (Meyers, 2009, ch.17).
The most common way to deal with Malware is with anti-virus and/or malware protection software. These programs should be installed on every computer. A firewall is another important part of virus/malware protection and it needs to be setup properly and kept up to date This includes blocking any unnecessary ports so intruders can’t access the network. Other important steps to mitigate this threat are to ensure system users are properly trained on organization policy and procedures and that your systems are kept current with software patches and updates.
Social Engineering – Social Engineering is defined as the many ways people can use other people to gain unauthorized access to information (Meyers, 2009, ch.17). This includes telephone scams, email scams, phishing attacks, or even someone physically trying to gain unauthorized access.
Social Engineering is the most common and largest form of attacks most systems experience. Phishing is one of the worst types as it can appear to be completely legitimate. It might be an email from a trusted company stating that the user’s account information needs to be updated and directs them to click a link that looks legitimate but in actuality will take the user to a phishing site.
Dealing with Social Engineering attacks means being prepared by having good policies and procedures in place and the policies are enforced. Equipment is properly protected with anti-virus and/or malware protection software and kept up-to-date. Users must be trained and held accountable to organizational policy. Testing the policies and procedures is critical to dealing with Social Engineering attacks. Testing must be done regularly to ensure the plan is working effectively and any necessary updates are implemented.
Denial of Service Attacks – This is an attempt to disrupt network services either temporarily or indefinitely depending on the motive for the attack. Most often these kinds of attacks are perpetrated against web servers or email servers, a host which has an Internet connection. These attacks are carried out by overwhelming the server with requests so that it cannot respond or responds so slowly it becomes virtually unavailable.
Using a network Intrusion Detection System is an especially important countermeasure to help protect against Denial of Service Attacks as it can automatically detect and respond to such attacks. Having proper hardware protection in place such as firewalls, switches and routers and applying certain rules and settings to the hardware setup can also protect against attacks. It is also important to keep current with all software patches and updates.
Wireless Networks – Rogue Access Points – Unauthorized wireless access points can be a huge risk and problem for today’s networks. They are easily installed because they are essentially plug and play devices and they are very inexpensive. Most often they are installed for the convenience of the network user but due to lack of proper training or installation oversight the access point is not setup with proper security which makes it an easy target for unauthorized access.
Using a wireless intrusion prevention system and monitoring it diligently will be necessary if a wireless network is going to be put in place with access points. Section 3 – Intrusion Detection and Other System Auditing Measures
No security plan would be complete without some kind of monitoring and auditing process. This process monitors computers and network activity both inbound and outbound for any kind of unauthorized activity or system weaknesses. Using an intrusion detection system along with good auditing tools will provide for a safe and secure networking environment.
An intrusion detection system (IDS) is an application or device that monitors the network and/or individual computers/devices. A good system will run both types of applications. The purpose of such a system is to identify possible attacks, log information about the attack and report on them. An intrusion detection system can also be used to identify issues with the security policy and procedures thus giving organizations another tools in which to monitor and update their internal monitoring and training systems.
Intrusion detection systems can be pass or reactive. In a passive system the IDS simply detects a possible attack, logs the information and alerts the system administrator. A reactive system otherwise known as an intrusion protection system will automatically respond to a suspected attack in a number of ways such as resetting the connection or blocking network traffic at the suspected source.( http://en.wikipedia.org/wiki/Intrusion_detection_system)
Auditing systems track and log what happens on the network. Logs can be viewed to see who is accessing the network, what they are accessing, and when they are trying to access the network.
Firewalls – They block unwanted traffic and can log traffic in and out of the system.
Access Controls – This includes user passwords as well as configuring system access based on required permission levels.
Network based IDS – This type of intrusion detection system examines network traffic at key points like routers and switches and monitor for malicious traffic.
Log Management – With the intrusion detection system in place as well as other system monitoring tools like firewalls and anti-virus protection a number of log files will be generated that will create an audit trail what is happening on the network. This will create a good monitoring tool for reviewing and making changes and updates to the network security system.
References

Every company needs to have a security program. Retrieved from http://www.appliedtrust.com/resources/security/every-company-needs-to-have-a-security-program
Meyers, Mike. (2009) CompTIA Network+ All-in-One Exam Guide, Fourth Edition. New York: McGraw-Hill/Osborne
Benson, C., Bensch, D., Human, D., De Klerk, L., Grobler, J. Security Planning. (n.d) Microsoft/Technet. Retrieved from http://technet.microsoft.com/en-us/library/cc723503.aspx
Intrusion Detection System. Wikipedia. Retrieved from http://en.wikipedia.org/wiki/Intrusion_detection_system