
CTU Online

IT 140 Introduction to Operating Systems and Client/Server Environments


Class Project

Mark Murphy 8/13/2012

TABLE OF CONTENTS

PROJECT OUTLINE
CURRENT OPERATING SYSTEMS ENVIRONMENT
FUTURE EXPANSION
OPERATING SYSTEM COMPONENT ASSESSMENT
SWOT- STRENGTHS, WEAKNESSES, OPPORTUNITIES AND THREATS CHART
COMPUTER COMPONENTS
CLIENT SERVER OPERATING SYSTEM SUPPORT
USER ROLES AND RESPONSIBILITIES IN A CLIENT/ SERVER ENVIRONMENT
LICENSE POLICY
ADDING AND REMOVING CLIENTS
HOW TO ADD CLIENTS USING ACTIVE DIRECTORY
To add a Local User Account:
To add a Domain User Account:
HOW TO REMOVE CLIENTS USING ACTIVE DIRECTORY
ENVIRONMENT
OPERATING SYSTEM SECURITY
PHYSICAL SECURITY
COMPUTER SECURITY
SECURED AREAS INSIDE THE MURPHY GROUP OFFICES
NETWORK LAYOUT AND INTRUSION DETECTION
REMOTE ACCESS
HOW PRIVACY IS ENSURED
OPERATING SYSTEM ADMINISTRATION AND IMPROVEMENT PLAN
ARCHITECTURE ASSESSMENT
HOW THE NETWORK WAS DESIGNED BEFORE THE UPGRADE
HOW THE NETWORK WILL BE DESIGNED AFTER THE UPGRADE
NETWORK ARCHITECTURE
THE MURPHY GROUP NETWORK LAYOUT AFTER THE UPGRADES
SYSTEM COMPARISON BEFORE AND AFTER THE UPGRADES
ENTERPRISE AUTHENTICATION
DESCRIPTION OF THE CURRENT NETWORK INFRASTRUCTURE AND WEAKNESS (SWOT REVIEW)
OPERATING SYSTEM PLATFORM AND COST CONTAINMENT
MAINTENANCE AND FAULT TOLERANCE
SUMMARY
REFERENCES:
APPENDIX A: Sample Confidentiality Agreement

PROJECT OUTLINE
1. CURRENT OPERATING SYSTEMS ENVIRONMENT
   a. The Murphy Group company description and current system description
   b. Network diagram
   c. Description of the network layout
   d. Current servers used by The Murphy Group and how they are connected to the network
   e. Future Expansion

2. OPERATING SYSTEM COMPONENT ASSESSMENT
   a. SWOT (Strengths, Weaknesses, Opportunities and Threats)
      i. INTERNAL
      ii. Strengths
      iii. Weaknesses
      iv. EXTERNAL
      v. Opportunities
      vi. Threats
   b. Computer Components
   c. Updated image of the network layout

3. CLIENT SERVER OPERATING SYSTEM SUPPORT
   a. Purpose
   b. User roles and responsibilities in a client/ server environment
   c. License Policy
   d. Adding and Removing Clients
   e. How to add clients using Active Directory
      i. How to add a local user account
      ii. How to add a domain user account
   f. How to remove clients using Active Directory
   g. Environment

4. OPERATING SYSTEM SECURITY
   a. Physical Security
      i. Smart cards
      ii. Cameras
      iii. Security Guards
      iv. Parking passes
   b. Computer Security
      i. User names and passwords
      ii. Passcodes and key fobs
      iii. Windows Server 2008 security features
   c. Secured Areas Inside The Murphy Group
      i. Cameras
      ii. Security Guards
      iii. Locked doors
      iv. Hand scanners
      v. Iris scanners
   d. Network Layout and Intrusion Detection
      i. Authentication practices
      ii. Firewalls
      iii. Encryption
      iv. Intrusion Detection Systems (IDS)
   e. Remote Access
      i. RADIUS
   f. How Privacy is Ensured
      i. How a breach is managed

5. SYSTEM ADMINISTRATION AND IMPROVEMENT PLAN
   a. How the network was designed before the upgrade
   b. How the network will be designed after the upgrade
   c. Network architecture
      i. Workstations
      ii. Printers
      iii. Servers
      iv. Switches
      v. Routers
      vi. Firewalls
   d. System comparison before and after the upgrades
      i. Network layout map
   e. Enterprise authentication
      i. Multifactor authentication
      ii. Physical security upgrades
         1. Cameras
         2. Security guards
         3. Restricted areas
   f. SWOT review
      i. SWOT review chart
   g. Operating system platforms and cost containment
      i. Licensing
   h. Maintenance and fault tolerance
      i. RAID configuration
   i. Summary

CURRENT OPERATING SYSTEMS ENVIRONMENT


The company for this project will be The Murphy Group. The Murphy Group is a small company that provides IT services for small businesses. The Murphy Group works in an office setting and has ten employees. Each employee has a desktop workstation that runs Microsoft Windows XP. The employees share three printers and there are two servers, both running Windows Server 2003. To connect these devices, The Murphy Group uses two hardware firewalls, Ethernet cables, two routers (with built in firewall software) and multiple switches.

The Murphy Group chose to use Windows XP on the desktop workstations for several reasons. When The Murphy Group started as a company, the most popular desktop operating system was Windows XP. In fact, in January of 2007, Windows XP was the most popular operating system, running on over 76% of computers (w3schools.com, 2012). XP was more dependable and secure than previous operating systems. XP included Windows Installer, which allowed users to install, manage and remove programs safely. XP also had improved multitasking that allowed users to run different programs simultaneously so they could work on different projects at the same time (Microsoft, 2003). That allows employees to be more productive and complete projects faster.

The Murphy Group employees share three printers. Using Ethernet cables, the desktop workstations are connected to a switch. The switch is connected to the printer with Ethernet cables. Having the computers connect to a switch allows users to share a printer instead of requiring each employee to have their own printer.

While the switch is connected from the workstations to the printer, the switch is also connected directly to the server. This allows multiple users to access the servers at the same time and reduces problems like delays or transmission collisions. Switches are important in this network setup because they allow multiple devices to connect to each other. A switch helps direct data to the correct destination. A switch helps to organize a network and sort the data, which results in a more efficient setup.

The Murphy Group uses Windows Server 2003. All files are automatically saved to the servers and employees can share files and information off the server. In order to access the server, the user must log in with a user name and password that was provided by the Network Administrator. In addition to being a file server, Windows Server 2003 allows The Murphy Group to use one server as a web server. That helped eliminate the need to purchase a dedicated web server (Microsoft, 2012). That also makes it easier for employees to update and change the company web site when needed.

Another network component that is connected to the server is the router. The router allows the user to access the internet. A good safety feature of the router is that it has built in firewall software.

FUTURE EXPANSION
The Murphy Group expects to upgrade their computer systems in the next 90 days. The main reason for upgrading is so employees can use a more current operating system with the expectation of improved performance. The Murphy Group also wants to incorporate remote access and mobile access into its operations. The Murphy Group plans on allowing remote access through VPNs (Virtual Private Networks). To help develop mobile access, The Murphy Group also wants to replace all current desktop workstations with laptop computers and convert most Ethernet connections to wireless connections.

The Murphy Group wants to upgrade the servers to Windows Server 2008 and set up off site backups of important/ essential files. One benefit of Windows Server 2008 is virtualization, where multiple servers can be installed and run from one physical unit. This can result in significant cost savings because there is no need to buy many servers (to determine the savings, the cost of new equipment and licenses plus the expenses of operating and maintaining multiple servers should all be considered). Other benefits of Windows Server 2008 include: a built in firewall, command line availability (Thurrott, 2010), and live migration software that will allow The Murphy Group to transfer data to the new server without any significant down time. Virtualization is extremely important because it will allow The Murphy Group to continue to expand and add additional virtual servers whenever they are needed.


OPERATING SYSTEM COMPONENT ASSESSMENT

SWOT- STRENGTHS, WEAKNESSES, OPPORTUNITIES AND THREATS CHART


INTERNAL

STRENGTHS:
- Small sized network should be easier to upgrade than a larger network.
- This is an opportunity to expand and prepare for future business and development.
- Improve networking services and efficiency within the company.
- Improve the way the company backs up data.

WEAKNESS:
- Future network expansion might be more difficult because the network is hardwired, not wireless.
- Cost of upgrading hardware like the physical servers and workstations.
- Possibility of having to change, replace or upgrade network components like wires and cables.
- May need to update or replace software and applications that are currently in use. This might quickly become a very expensive process. That possibility must be weighed against leaving the current system in place and discontinuing the upgrade.

EXTERNAL

OPPORTUNITIES:
- Using a newer operating system will allow The Murphy Group staff to have a better understanding of that system so they can then implement it for customers.
- As an IT consulting firm, it might be beneficial to use a more recent operating system to appear up to date and current with IT practices.
- Implementing virtualized servers may develop other business relationships and could lead to more customers.

THREATS:
- Will The Murphy Group users accept the upgrades and properly use the system?
- Will there be a chance of a massive failure or the possibility of lost data? Perhaps data that is not compatible with a newer system?
- Will all key applications transfer over to a new system?
- Does The Murphy Group have finances available in case something unanticipated happens and causes the price of the upgrade to increase beyond what is planned?
- Does the current facility have the ability to handle a new system? (Can it support new wires, power requirements, and physical space issues?)


COMPUTER COMPONENTS
The Murphy Group is a small computer network. The workstations, network components, printers and servers are all connected with Ethernet cables and the network is located inside one building. The main computer components for this report are included below.

Case- For the cases on their workstations, The Murphy Group will use an ATX (Advanced Technology eXtended) case. This case was selected because it is the most popular style case and could be easily replaced if it was damaged without necessarily replacing the internal components. This is how the motherboard will likely look. It may not match the layout for this project exactly, but it is intended to give the user an idea of what a motherboard looks like.

Power supply- Power supply units convert electricity from DC (direct current) to AC (alternating current) and supply power to computer components. So once the electricity is converted from DC to AC in the power supply unit, it then can power the computer. Power is passed throughout the computer by a series of rails. The rails are connected to the power supply with wires. The wires support 3.3 volts, 5 volts and 12 volts and are identified by color. The power passes along the rails to attached components, like processors and drives (WiseGeek, 2012). An interesting point about power supplies is that, no matter what size power supply is used, it will only use the power required to operate the system. To ensure adequate power and with the consideration of future expansion and added computer components, The Murphy Group will use a 650 watt power supply.

CD/ DVD drive- Something to consider with CD/ DVD drives is to make sure the computer case being used has the correct number of bays to support the user. The Murphy Group uses an ATX case and that usually has at least one bay. A CD/ DVD bay is 5.25 inches and is usually found in the front of the computer case. The CD/ DVD player is connected to the power supply by a cable.

Hard drive- The hard drive is the main storage location on the computer. To install the hard drive, the drive is placed in a metal case (that often comes with the computer chassis) and attached to the computer with several screws. The hard drive is then connected to the motherboard by SATA cables. A SATA (Serial Advanced Technology Attachment) cable can be up to three feet long but they are designed so they can be repositioned inside a computer to allow better air flow, which allows the internal components to stay cool. SATA cables have a 7 pin connector at the ends and plug directly into the motherboard. Since The Murphy Group is using desktop workstations, the hard drive is 3.5 inches and spins at 7200 rotations per minute (RPM). Since this is intended for a business setting, the workstations will use a 1 TB (terabyte) hard drive. Here is what it looks like to connect a SATA cable to a motherboard:

RAM (random access memory)- RAM is temporary memory that helps store data while the computer is turned on. Storing data in a temporary location, like RAM, allows the computer to more quickly access that information and switch between programs, which can speed up user activity. Depending on the model, there can be different ways to connect RAM modules to the motherboard. I will review and follow the manufacturer's suggested ways to insert the RAM before I try to connect the RAM module to the motherboard. One thing to remember is that RAM modules should never be forced into a location. If it won't connect without being forced into a location, it is probably in the wrong spot or being inserted incorrectly. Here is what RAM modules look like:

Since The Murphy Group is currently running Windows XP but plans on upgrading to Windows 7, I need to make sure I have enough RAM. According to Microsoft, Windows XP requires a minimum of 64 MB of RAM and Windows 7 (64- bit) requires 2 GB of RAM (Microsoft, 2012). So that is clearly an area that needs to be upgraded.

CPU (processor)- The CPU is the computer component that allows the computer to function. It is a small square that has multiple metallic connectors or pins on the bottom of it. It gets plugged into a CPU socket, pin side down, directly on the motherboard (IT Business Edge, 2012). Here is an example of what a CPU might look like:


Heat sink/ fan- Computer components can generate a great amount of heat. Those components must be cooled though or they will become damaged. This is where a heat sink/ fan comes into play. These components dissipate the heat and help prevent damage to the internal components.

Thermal paste- Thermal paste is used to help cool internal computer components. It is a substance that is applied between the CPU and heat sink to dissipate the heat (www.techPowerUp.com, 2007).


Graphics card- It is cheaper to use a motherboard that has a built in graphics card, but that is not necessarily the best option. Built in cards often do not offer the same performance as a dedicated graphics card. Another consideration when selecting a graphics card would be the programs the user will run. If the programs are not very intense and do not require a lot of graphics or video, the user may be able to use a motherboard with a built in graphics card. If the user will be using a program that requires a lot of graphics or video, that user may benefit from using a dedicated graphics card. Another consideration should be future expansion. If the user is using a dedicated graphics card, upgrading may be as simple as replacing the card. If the user is using the graphics card attached to the motherboard, to upgrade they may need to replace the motherboard or change to a dedicated graphics card. Since The Murphy Group is planning to expand in the future, we will be using a dedicated graphics card.

Monitor- The Murphy Group uses computer monitors that support screen resolution higher than 1024 x 768 pixels. To help reduce eye strain, most computer monitors are at least 23-inch LCD. Monitors are plugged into computers with a cable that usually plugs directly into the back of the computer.

The mouse is color coded and the user must simply plug the cable into the port on the computer with the same color. During the system upgrade, The Murphy Group will likely upgrade to a wireless mouse.

The keyboard is connected to the computer with a cable and 3.5 mm input connector that plugs into the back part of the computer. It is color coded and the user must simply plug the cable into the port on the computer with the same color.

Speakers- Since The Murphy Group does not have a significant need for specialized speakers, we will use standard speakers. Speakers are connected to the computer with a cable and 3.5 mm input connector that plugs into the back part of the computer. The connector is color coded and the user must plug the cable into the port on the computer with the same color.

Operating System- The Murphy Group currently uses Windows XP in their workstations, but we are planning to upgrade to Windows 7. There are different versions of Windows 7 available (Microsoft, 2012), and The Murphy Group will probably use Windows Ultimate.


Ethernet cables- The Murphy Group currently uses Category 5e Ethernet cables but I want to review this to make sure that is the best selection for the upgrade. Cat 5e cables support speeds up to 1 GB per second. The cables can only be 100 meters long. This seems to be a popular Ethernet cable and can be easily replaced if needed. Since upgrading to Cat 6 cables would likely be very expensive, we will continue using the Cat 5e cables. Ethernet cables connect to computers via a port and RJ-45 connector.

Switch- A switch is a networking device that helps manage connections between devices on a computer network. Computers, servers, printers and network devices connect to switches with Ethernet cables. One end of the cable plugs into the computer (or server, or whatever you need to connect) and the other end is plugged into the switch. When information is transmitted from a source, like the computer, it is passed along the Ethernet cable to the switch. Since all the devices on the network are connected to the switch, the switch can send that information to the intended location.

Printer- In the interest of saving money and considering possible space limitations, The Murphy Group uses an all- in- one printer that works as a printer, copier and scanner. This may be more economical than buying each of those devices individually.

Server- The Murphy Group currently uses Windows Server 2003 but is strongly considering upgrading to Windows Server 2008. Assuming the upgrade can be completed, that would be the server operating system used in this company.

Router- The router is the network device that connects with the internet. The router is connected to The Murphy Group network at the switch. The router and switch are connected with Ethernet cables.

Firewall- In addition to software firewalls on the computers, The Murphy Group also uses a physical firewall to help secure the network. Firewalls are used to help prevent unauthorized users from accessing a computer network. The firewall is placed between the network and internet. The firewall is connected to the router with a cable.


Once all these devices are properly connected, The Murphy Group network will be formed. This is a general picture of how the network will look.


CLIENT SERVER OPERATING SYSTEM SUPPORT


PURPOSE

The purpose of this section is to educate users about The Murphy Group policies about software and licensing. Unless written permission is obtained from the system and/ or network administrator, users and guests of The Murphy Group are asked to follow the following guidelines:
- Users/ guests are not permitted to download software to their workstation.
- All software will be distributed from the system and network administrators.
- All software will be licensed and obtained legally and a copy of the licenses will be maintained using Microsoft Software Asset Management program.

USER ROLES AND RESPONSIBILITIES IN A CLIENT/ SERVER ENVIRONMENT


Users are only permitted to use the software provided to them by The Murphy Group. Users may not download or add in any way additional software to their workstations. Users may not copy software or any other data unless related to their work assignments. Users are expected to use the software for business reasons only. Any software that is not licensed or assigned to a workstation will be removed and will be investigated. Employees are not permitted to delete or try to alter in any way system or file backups, event logs or user logs at any time. Users should always sign off and lock computers whenever they leave a workstation. If users have any problems with their network connections or receive any errors they should inform the network administrator. It will be the responsibility of the network administrator to add and remove clients. If users have any questions about this policy, they should check with the network administrator.

LICENSE POLICY


The Murphy Group will only use equipment that is obtained legally and properly licensed. It will be the responsibility of the systems administrator to make sure all software/ hardware is properly licensed and the licenses are kept current. A copy of all user and device Client Access Licenses (CAL) will be kept on file with the systems administrator and will be promptly available if requested by management. The systems administrator will be responsible for maintaining all licenses for the servers and virtual machines.

The Murphy Group organizes all licenses using a Microsoft Software Asset Management (SAM) program which scans users, applications and devices across the network and determines which licenses are being used and which licenses are needed. The Microsoft SAM is used because The Murphy Group uses Microsoft programs, operating systems, servers and hardware.

ADDING AND REMOVING CLIENTS


*Note- Employees will not add or remove any type of clients in The Murphy Group operating system. This section is meant to give the user a better understanding of the system administration and should only serve as a reference. Employees will only be added and removed by the network administrator.

HOW TO ADD CLIENTS USING ACTIVE DIRECTORY


Note: The process of creating users will be the same for Windows Server 2003 and Windows Server 2008.

To add a Local User Account:


1. In the Administrative Tools section, select Computer Management.

2. From there, select Local Users and Groups.


3. Select Users to view a list of all the users.

4. Right click in the users list and select New User.

5. Enter the information needed, like the name and settings and save the New User information.


6. Confirm that the new user is now included in the list of users. If the user is listed, the user was saved correctly. If the user is not listed, repeat the process. (SharePoint Genius, 2009)

To add a Domain User Account:


1. In the Administrative Tools section, select Active Directory Users and Computers.


2. In the Active Directory Users and Computers section, select the folder where you want to create a new user. Click on the folder to select it.

3. Once you view the folder, right click in the user list and select New User.


4. Enter the information needed, like the name and settings and save the New User information by clicking Finish.


5. Confirm that the new user is now included in the list of users. If the user is listed, the user was saved correctly. If the user is not listed, repeat the process. (SharePoint Genius, 2009).


HOW TO REMOVE CLIENTS USING ACTIVE DIRECTORY


Note: The process of creating users will be the same for Windows Server 2003 and Windows Server 2008.

1. In the Administrative Tools section, select Active Directory Users and Computers.

2. From the Users and Computers section, select the user you wish to delete.


3. Right click on the user and select the delete option to delete the user. (Microsoft, 2012)


ENVIRONMENT
Any work performed on this workstation or across the network should be for business reasons only. Personal use of the computers is not permitted.


OPERATING SYSTEM SECURITY


Security is extremely important at The Murphy Group. This section is meant to inform employees about the different operating system and network security measures that have been put in place by The Murphy Group.

PHYSICAL SECURITY
When an employee arrives at The Murphy Group offices, before they can enter the parking lot, the employee must scan a smart card. The card is programmed with unique information that can be used to verify a user and grant access to an area. If the employee does not have the proper smart card or it does not work, there is a call button next to the scan pad and the employee can contact security for permission to enter the lot.

The parking lots are monitored by video cameras and there is a dedicated camera recording images of any vehicles entering the lot. The parking lot is also regularly patrolled by security guards. Vehicles are required to display company issued parking passes or a guest parking pass. Vehicles that do not display the passes may be towed at the vehicle owner's expense.

To enter the building, employees must enter only through the front door. Employees must sign in at the security desk. Employees are not permitted to let non-employees into the building.


All other exterior doors cannot be opened from the outside and have alarms on them that sound when they are opened. All doors and exits are under constant video surveillance.

COMPUTER SECURITY
After the planned computer upgrades, computers used at The Murphy Group will be using Microsoft Windows 7 Ultimate edition and are protected by antivirus software, firewall software and encryption. The software is updated automatically every day to ensure the highest level of protection against threats.

Employees are given a user name and password at the time of hire. These are unique identifiers that cannot be reused. The user name will be between six and ten characters and contain at least one lower case letter, one upper case letter and at least one number. The password should meet the following requirements (Windows, 2012):
- Must be at least eight characters and include at least one uppercase letter, one lowercase letter, one number and one special character.
- Must not be the same as the user name.
- Must not be one complete word.
- Should not be reused as a password on other computers, web sites or devices that require a password.
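The user name and password rules above can be checked mechanically when an account is created. The following is an added example, not part of the original project: the function names and the small word list are hypothetical, and "one complete word" is interpreted here as a dictionary word with only digits or symbols added at either end.

```python
import string

# Constructed stand-in for a real dictionary file (assumption, not from the policy).
SAMPLE_WORDS = {"password", "welcome", "sunshine", "computer", "murphy"}


def check_username(username):
    """Return the user-name rules that `username` breaks (empty list = valid)."""
    problems = []
    if not 6 <= len(username) <= 10:
        problems.append("user name must be six to ten characters")
    if not any(c.islower() for c in username):
        problems.append("user name needs a lower case letter")
    if not any(c.isupper() for c in username):
        problems.append("user name needs an upper case letter")
    if not any(c.isdigit() for c in username):
        problems.append("user name needs a number")
    return problems


def check_password(username, password, words=SAMPLE_WORDS):
    """Return the password rules that `password` breaks (empty list = valid)."""
    problems = []
    if len(password) < 8:
        problems.append("password must be at least eight characters")
    if not any(c.isupper() for c in password):
        problems.append("password needs an uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("password needs a lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("password needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("password needs a special character")
    # Compare without regard to case so "mmurphy1" does not pass for "MMurphy1".
    if password.lower() == username.lower():
        problems.append("password must not match the user name")
    # "Password1!" satisfies every character-class rule but is still one
    # dictionary word with decoration, so strip digits and symbols from both
    # ends before the word-list lookup.
    core = password.strip(string.digits + string.punctuation).lower()
    if core in words:
        problems.append("password is one complete word")
    return problems


if __name__ == "__main__":
    # Constructed sample credentials.
    for name, pw in [("MMurphy1", "Tr4il#Mix-Oak"), ("MMurphy1", "Password1!")]:
        print(name, pw, check_username(name) + check_password(name, pw))
```

The rule against reusing the password on other computers and web sites cannot be verified by a check like this and remains a matter of user policy.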

To access any computers, multifactor authentication is required. To use a computer provided by The Murphy Group, users must log onto the computer with a user name, password and a passcode. Employees are reminded to never share their user names or passwords with anyone. If the user cannot log in, they are to contact the network administrator immediately. Under no circumstances should users attempt to bypass any of the security measures that are in place.

After the user has entered their user name and password, access will be authenticated with a security token passcode. Users get the passcode from a key fob that will be provided to them by the network administrator. The key fob will display a number which uniquely identifies the user and allows them to log in (Search Security, 2012). The passcode entered by the user is compared with the data in a security database and, if the data matches, the user may successfully log in. If the data does not match, the user will be denied access and should inform the network administrator. If the user loses the key fob or it does not work, they are to inform the network administrator immediately for a replacement.
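The server side of the login described above (password first, then the key fob passcode compared against the security database) can be sketched as follows. This is an added example, not part of the original project. It assumes the fob shows a time-based one-time passcode in the style of RFC 6238, which the project does not specify, and the record layout, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each passcode is shown (assumed, RFC 6238 default)
DIGITS = 6    # passcode length (assumed)


def fob_passcode(secret, counter):
    """Passcode for one time step, computed as HOTP (RFC 4226) over the counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def hash_password(password, salt):
    """Salted, slow hash so the database never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(db, user, password, salt, fob_secret):
    """Create the user's record in the security database (a dict in this sketch)."""
    db[user] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "fob_secret": fob_secret,
        "last_counter": -1,   # highest time step already used to log in
    }


def login(db, user, password, passcode, now):
    """Return True only if both the password and the fob passcode verify.

    `now` is the current Unix time in seconds, passed in so the check is testable.
    """
    record = db.get(user)
    if record is None:
        hash_password(password, b"\x00" * 16)   # do comparable work for unknown users
        return False
    pw_ok = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    # Accept the current step and one step either side to tolerate clock drift.
    current = now // STEP
    matched = None
    for counter in (current - 1, current, current + 1):
        expected = fob_passcode(record["fob_secret"], counter)
        if hmac.compare_digest(expected.encode(), passcode.encode()):
            matched = counter
    # A passcode that already logged someone in must not work a second time.
    if not pw_ok or matched is None or matched <= record["last_counter"]:
        return False
    record["last_counter"] = matched
    return True


if __name__ == "__main__":
    # Constructed sample data: the secret is the RFC 4226 test key.
    database = {}
    enroll(database, "MMurphy1", "Tr4il#Mix-Oak", b"constructed-salt",
           b"12345678901234567890")
    print(login(database, "MMurphy1", "Tr4il#Mix-Oak", "287082", now=59))  # accepted
    print(login(database, "MMurphy1", "Tr4il#Mix-Oak", "287082", now=59))  # replay denied
```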


Additional computer security policies:
- Users must log out of workstations when they are not in use.
- Employees are never permitted to log in as another user.
- Employees are not permitted to share key fobs.
- Employees are required to change their passwords every 90 days.

Employees are reminded to be cautious of threats like social engineering attacks. Employees are not permitted to give out their user names, passwords, personnel information or other security information. Requests for such information should be directed to the network administrator or the employee's direct supervisor.

Since The Murphy Group is expecting to upgrade its server systems to Windows Server 2008, this list from Microsoft also highlights some of the new security features of the server operating system (Windows Server):
- Security improvements to the kernel.
- Security improvements to Windows services.
- Windows Integrity Mechanisms.
- Windows Internet Explorer
- Extensible logon architecture
- Cryptography
- Authentication protocol improvements

SECURED AREAS INSIDE THE MURPHY GROUP OFFICES


There are places in The Murphy Group offices that are critical to operations. To ensure the security of these areas, access is restricted for most users and guests. These areas include, but are not limited to, the server rooms and locations where any backup data is stored. These areas are under constant video surveillance and protected by additional security guards. However, if a user or guest needs to access a secured area, there are steps that the employee is required to follow.

When planning to access a secured area, the employee is required to sign in with the security guard stationed outside that area. The employee must sign into a log book with their name, date, time of entry and a brief explanation of what will be done in the secured area. When the user is finished in the secured area or must leave the area for any reason, they must sign out with the security guard and repeat the sign in if they return.

The door to the secured area is locked. To enter the secured area, the user must be verified. Verification is confirmed through multifactor security verifications. At the door to the secured area, the user must first scan their hand on a hand reader. To use the hand reader, the user places their hand on the reader surface. There are several areas on the surface of the hand reader where the user aligns his/her fingers. Once the fingers are aligned, a camera will take a picture of the hand and the shadow cast by it. Software will analyze the image of the user's hand, the shadow, and the length, width and thickness of the hand and fingers, and translate that data into a numerical template (Wilson, 2012). The hand reader will then compare the numerical template with the hand prints that are stored in a security database and, if the print is verified, the user will be asked for an additional form of verification. If the print is not verified, the user is to inform the security guards immediately.

After the hand scan, employees are required to confirm verification through iris scanning. To scan the iris, employees must be three to ten inches away from a camera which will be located near the hand scanner. Employees look into the camera lens and the camera takes a picture of the iris. Software then analyzes the center of the pupil, the edge of the pupil, the edge of the iris and the eyelids and eyelashes (Wilson, How Biometrics Works- Iris Scanning, 2012). That information is translated into a code which is compared to other codes in a security database which will verify or deny access.


Additional security measures are taken inside the secured area. To access any computers inside the secured area, the employee must log in using the same user name, password and passcode procedure required to access other computers. Event logs are used to record what happens in the protected areas and who performed the action. The entire area is monitored by security cameras and alarm systems that can also monitor moisture levels and fire.

If a non-employee (like a contractor, service provider, etc.) is required to access the secured area, they are to follow these steps:

- Sign in with security officers.
- Present a valid form of identification.
- Sign a waiver indicating their understanding of the security policies of The Murphy Group.
- Be in the presence of the network administrator or a designee at all times.
- Sign out with security when finished.

Non-employees may be required to have smart cards or access from hand scanning and iris scanning. These situations will be handled on a case-by-case basis as determined by management.

NETWORK LAYOUT AND INTRUSION DETECTION


The Murphy Group has implemented several safeguards to protect against unauthorized intrusions on their computers or network, including the authentication practices, firewalls, encryption and access control to the building and computers. An Intrusion Detection System (IDS) is added to those safeguards to further protect the network. The network is constantly scanned and monitored by the network administrator and the IDS. The IDS can catch actions that might otherwise be missed. For example, an IDS can alert if a user is attempting to access information beyond what they have permission for. If the IDS alerts fast enough, steps can be taken to stop the user from accessing anything they are not permitted to access. Another consideration is that a proper IDS can serve as a deterrent and can collect information about intrusions to help strengthen intrusion prevention measures (Stallings, 2012).

Other methods of intrusion detection used by The Murphy Group include:

- Host-Based Intrusion Detection Techniques: Host IDS are commonly used on servers and administrative systems to detect intrusions, log events and send alerts. Intrusions are detected two ways. The first way is Anomaly Detection. Anomaly Detection collects data about the behavior of users over a period of time and detects when users repeatedly try and fail to access the system, like when a user enters a user name but repeatedly fails to enter the proper password. The second method of Host IDS is Signature Detection. Signature Detection alerts when a user's actions match a defined pattern of improper behavior, like when a user logs into a system then tries to access information beyond their set level of rights (Stallings, 2012).
- Audit Records: This consists of native audit records and detection-specific audit records. Native audit records collect information about user activity. Detection-specific audit records contain only information that is required by the IDS.
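The two host-based checks described above can be run over detection-specific audit records. The sketch below is an added example, not part of the original report; the record layout, user names, share names, threshold and permission table are all constructed assumptions.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Record = namedtuple("Record", "time subject action obj outcome")

# Constructed detection-specific audit records:
# timestamp, subject (user), action, object, outcome.
AUDIT_LOG = """\
2012-08-08T09:00:01 jsmith logon WS-04 failure
2012-08-08T09:00:07 jsmith logon WS-04 failure
2012-08-08T09:00:15 jsmith logon WS-04 failure
2012-08-08T09:00:40 jsmith logon WS-04 success
2012-08-08T09:05:00 akhan logon WS-02 failure
2012-08-08T09:05:20 akhan logon WS-02 success
2012-08-08T09:10:00 akhan read share:accounting success
2012-08-08T09:12:30 jsmith read share:accounting failure
2012-08-08T09:30:00 akhan logon WS-02 failure
"""

# Assumed rights table: jsmith works in Human Resources, akhan in accounting.
PERMITTED = {
    "jsmith": {"share:hr"},
    "akhan": {"share:accounting"},
}


def parse_records(text):
    """Turn the whitespace-separated audit lines into Record tuples."""
    records = []
    for line in text.strip().splitlines():
        stamp, subject, action, obj, outcome = line.split()
        records.append(
            Record(datetime.fromisoformat(stamp), subject, action, obj, outcome))
    return records


def failed_logon_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Threshold check: `threshold` failed logons by one user inside `window`."""
    recent = defaultdict(deque)
    alerts = []
    for rec in records:
        if rec.action != "logon" or rec.outcome != "failure":
            continue
        times = recent[rec.subject]
        times.append(rec.time)
        while rec.time - times[0] > window:   # drop failures outside the window
            times.popleft()
        if len(times) >= threshold:
            alerts.append((rec.subject, rec.time, len(times)))
            times.clear()                      # one alert per burst
    return alerts


def rights_violations(records, permitted):
    """Rule check: any read or write on an object outside the user's rights.

    Denied attempts are reported too, because the attempt is the signal.
    """
    alerts = []
    for rec in records:
        if rec.action in ("read", "write") and \
                rec.obj not in permitted.get(rec.subject, set()):
            alerts.append((rec.time, rec.subject, rec.action, rec.obj, rec.outcome))
    return alerts


if __name__ == "__main__":
    recs = parse_records(AUDIT_LOG)
    for alert in failed_logon_bursts(recs):
        print("failed-logon burst:", alert)
    for alert in rights_violations(recs, PERMITTED):
        print("access beyond rights:", alert)
```

A single mistyped password, like the two isolated failures for akhan, stays below the threshold, which is what keeps this kind of check from alerting on ordinary use.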

Each computer on the network has antivirus software enabled on it. Antivirus software is designed to detect viruses and malware, identify viruses on the computer and remove the virus. This software is updated nightly.

Firewall software is used to make sure attempts to access the computer come from the network or a permitted IP address. Attempts to access a computer from an unidentified source are blocked. This software is also updated regularly and is generally configured by the network administrator.

The network is also scanned on a regular basis. These scans are done by scanning the IP addresses connected to the network to make sure devices are not connected when they should not be. Scans also check for vulnerabilities and things like access points and open ports. If vulnerabilities are detected, they can be addressed and fixed.

Another tool used to help protect the network is a firewall. While each computer uses firewall software, a physical firewall is used where the network connects to the internet. The firewall is designed to block unauthorized access of the network. To block access, firewalls are configured to use packet filtering, a proxy service and/or stateful inspection to scan information coming to the network. A firewall may use any or all of those methods to protect the network.


Packet filtering scans small chunks of data, called packets, and analyzes them against a set of filters. If the packets meet the criteria set by the filters, the data is allowed on the network. If the data does not meet the criteria, it is blocked by the firewall. Proxy service retrieves information from the internet and sends that information directly to the computer that requested it. Stateful inspection analyzes certain parts of data packets and sends the packet to a database containing trusted information. If the information is allowed from the database, the information will be allowed onto the network. If the data does not meet the criteria from the database, the information is blocked (Tyson, 2012).
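The difference between packet filtering and stateful inspection shows up when both judge the same traffic. The following is an added example, not taken from the original report; the office network range, the allowed ports and the packets are constructed, and the TCP handling is simplified to connection setup and teardown.

```python
import ipaddress
from collections import namedtuple

# Constructed packets: source, source port, destination, destination port,
# TCP flags (S=SYN, A=ACK, P=PSH, R=RST, F=FIN).
Packet = namedtuple("Packet", "src sport dst dport flags")

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed office LAN
ALLOWED_OUTBOUND_PORTS = {80, 443}                      # assumed filter criteria


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET


def packet_filter(pkt):
    """Packet filtering: every packet is judged alone, on its header fields."""
    if is_internal(pkt.src) and not is_internal(pkt.dst):
        return pkt.dport in ALLOWED_OUTBOUND_PORTS
    if is_internal(pkt.dst) and not is_internal(pkt.src):
        # Replies to web requests have to get back in. With no memory of the
        # request, the source port is the only thing the filter can test.
        return pkt.sport in ALLOWED_OUTBOUND_PORTS
    return False


class StatefulFirewall:
    """Stateful inspection: inbound packets must match a recorded connection."""

    def __init__(self):
        self.connections = set()   # (inside addr, inside port, outside addr, outside port)

    def inspect(self, pkt):
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.connections:
                allowed = True
            else:
                # Only a SYN to an allowed port may open a new connection.
                allowed = pkt.flags == "S" and pkt.dport in ALLOWED_OUTBOUND_PORTS
                if allowed:
                    self.connections.add(key)
        elif is_internal(pkt.dst) and not is_internal(pkt.src):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            allowed = key in self.connections
        else:
            return False
        if allowed and ("R" in pkt.flags or "F" in pkt.flags):
            self.connections.discard(key)   # simplified teardown
        return allowed


TRAFFIC = [
    ("workstation opens HTTPS", Packet("192.168.1.20", 50000, "203.0.113.10", 443, "S")),
    ("server replies", Packet("203.0.113.10", 443, "192.168.1.20", 50000, "SA")),
    ("unsolicited, source port 443", Packet("198.51.100.7", 443, "192.168.1.30", 445, "S")),
    ("outbound to a blocked port", Packet("192.168.1.20", 50001, "203.0.113.10", 23, "S")),
    ("server resets the connection", Packet("203.0.113.10", 443, "192.168.1.20", 50000, "R")),
    ("late packet after the reset", Packet("203.0.113.10", 443, "192.168.1.20", 50000, "PA")),
]


def compare(traffic):
    """Return (label, packet-filter verdict, stateful verdict) per packet."""
    firewall = StatefulFirewall()
    return [(label, packet_filter(p), firewall.inspect(p)) for label, p in traffic]


if __name__ == "__main__":
    for label, stateless, stateful in compare(TRAFFIC):
        print(f"{label:32} filter={stateless!s:5} stateful={stateful}")
```

The third and sixth packets pass the packet filter because their header fields meet the criteria, and are blocked by stateful inspection because no recorded connection matches them.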

REMOTE ACCESS

There are times when The Murphy Group allows remote access to its network and systems. To allow remote access, The Murphy Group uses a RADIUS connection. RADIUS, short for Remote Authentication Dial In User Service, allows users to connect from remote locations like job sites, other offices and even from home. To create a remote connection, the user must provide a user name and password (Webopedia, 2012). As part of the sign in process, the user name and passwords are automatically encrypted before they are sent to the RADIUS server. Once the information arrives at the server, the data is checked by the server to make sure the user is permitted access and, if confirmed, a connection is made. If the user name and/or password do not match data in the server, a connection will not be made.


Connections between the user and the RADIUS server are authenticated through a shared key which does not get transmitted across the connection. Connections are also controlled through accounting features that are established to determine factors like connection time and what information can be sent. When connected to a firewall, a port is designated for a RADIUS connection. That port should not be used for any other connections. One of the largest benefits to using a RADIUS connection is that all the user information can be managed from a single location. Since users can connect from anywhere, there only needs to be one centralized server to maintain the user records. This makes security, maintenance and management easier.
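How a shared key that never crosses the connection can both protect the password and authenticate the server's reply is shown below, following the User-Password hiding and Response Authenticator rules of RFC 2865. This is an added example, not part of the original report; the account name, password, shared secret and the plain-text user table are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RADIUS attribute types


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block
    return hidden


def unhide_password(hidden, secret, request_auth):
    """Server side: the same MD5 chain, keyed by the server's copy of the secret."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def attribute(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value


def access_request(ident, user, password, secret, request_auth):
    # User-Name is carried as-is; only User-Password is hidden.
    attrs = attribute(USER_NAME, user) + attribute(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def parse_attributes(packet):
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute")
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs


def authenticate(packet, secret, users):
    """Server check of an Access-Request against a (constructed) user table."""
    attrs = parse_attributes(packet)
    password = unhide_password(attrs[USER_PASSWORD], secret, packet[4:20])
    expected = users.get(attrs[USER_NAME])
    return expected is not None and hmac.compare_digest(password, expected)


def access_accept(ident, request_auth, secret, attrs=b""):
    """Reply whose authenticator is MD5(header + request auth + attrs + secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client check that the reply came from a holder of the shared secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    users = {b"mmurphy": b"correct horse battery"}   # plain text only for the demo
    request_auth = os.urandom(16)
    request = access_request(7, b"mmurphy", b"correct horse battery", secret, request_auth)
    print("server accepts:", authenticate(request, secret, users))
    reply = access_accept(7, request_auth, secret)
    print("client trusts reply:", verify_response(reply, request_auth, secret))
```

The shared secret is the only unknown in each MD5 input, so the protection of the password on the wire is only as strong as that secret.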

HOW PRIVACY IS ENSURED

The Murphy Group takes the privacy of its employees, customers and clients extremely seriously. As a rule, information is normally only granted to individuals or departments that must have the information as a part of business. For example, Human Resources will have access to personnel records but may not have access to accounting information. For the times when outside agencies are used, they are required to sign a confidentiality agreement. Attached to the appendix is an example of the kind of confidentiality agreement that must be signed (Inc.com, 2012).

While The Murphy Group will make every effort to ensure all information is protected, there must be a policy in place to manage security breaches. Any unauthorized use of information or attempts to access information will be thoroughly investigated. The legal department will be notified immediately and if there is a possibility of illegal activity, The Murphy Group will contact the appropriate law enforcement agency. In the event of a significant breach, the company may consider hiring a public relations firm. The Murphy Group will also immediately advise any employees and/or customers who may be affected by the breach.

However the breach is handled, it is critical to document all aspects of the breach so we can fully understand what was affected during the activity. For example, was information accessed illegally or was equipment stolen? Was the firewall somehow bypassed or disabled? How did an attacker access the network? Was this an internal attack, exterior attack, or both? Is there anything else still at risk? For example, is the firewall down? Is there a virus in the network? This is vital to determine what was affected, how the breach occurred and how it was fixed to make sure it does not happen again.

After a security event, The Murphy Group should try to resume operations as soon as possible. If equipment was somehow compromised during a breach, it should be replaced if possible. If the equipment cannot be replaced, it should be thoroughly inspected to make sure there are no other threats. At a minimum, this should include running an antivirus program and updating the software. If needed, servers should be taken offline for inspection. Any lost or compromised information should be replaced from backup versions. The only thing worse than a security breach would be failing to acknowledge the breach and allowing it to happen again.


OPERATING SYSTEM ADMINISTRATION AND IMPROVEMENT PLAN


This section is meant to serve as a project review that highlights some of the key areas of improvement. This section describes some of the areas that were identified as weaknesses or threats and how the system upgrade addressed those problems and, hopefully, fixed them. At the end of this section is a summary, which should conclude the report.

HOW THE NETWORK WAS DESIGNED BEFORE THE UPGRADE

The company for this project will be The Murphy Group. The Murphy Group is a small company that provides IT services for small businesses. The Murphy Group works in one office setting and has ten employees. Before the system upgrades, the system was set up with:

- Each employee using a desktop workstation that ran Microsoft Windows XP.
- The employees shared three printers.
- There were two servers, both running Windows Server 2003.
- To connect all these devices, The Murphy Group used two hardware firewalls, multiple Ethernet cables, two routers (with built in firewall software) and multiple switches.

HOW THE NETWORK WILL BE DESIGNED AFTER THE UPGRADE

The Murphy Group will still be a small company that provides IT services for small businesses. The upgrades in this project will improve the services offered by the company and will allow for easier, more effective future expansion. The Murphy Group will continue to work in one office setting with ten employees, but now the system will also allow remote access. After the system upgrades, the operating systems will be standardized with all workstations using a Windows 7 operating system. All the servers will be standardized and will use Windows Server 2008. There will be better security and data backup policies in place and the company will use more modern, updated software to further enhance their productivity.


The network topology for The Murphy Group will be a Star Topology. A star topology is set up so all the computers on a network will connect to a central device. In this case, the centralized device is a switch. For this design, The Murphy Group has ten workstations. Using Ethernet cables (RJ-45), those ten workstations are all connected to a single switch, which is the main switch on the network. The main switch is also connected to two other switches, also with Ethernet cables. One of the switches is connected to the three printers and the other switch is connected to the two servers, router and the firewall.

It is important to mention when designing this kind of Star Topology network that each of the Ethernet cables used should be less than 100 meters. If the cables are extended beyond that, there is an increased chance of damaging the cable which could threaten the ability to connect to the network. Another threat to using Star topology is that if any of the switches fail, the entire network will fail. To protect against a network collapse, The Murphy Group will implement and adhere to a strict data backup policy and will have spare Ethernet cables on hand. The backup policy will be enforced by the system administrator and network administrator.

This is a picture of an RJ-45 Ethernet cable.

This is how the Ethernet cable is plugged into the computer.

This is an example of what several Ethernet cables that are plugged into the switch might look like.


NETWORK ARCHITECTURE
Since the offices of The Murphy Group are currently set up in a one-story building, the network architecture is fairly simple. The workstations are connected to a switch with RJ-45 cables. The switch is connected to network printers, workstations, switches, routers and servers with other RJ-45 cables. The router is then connected to a firewall which will help protect the network from internet threats. This is a simple setup but this setup also allows for future network expansion. When the company expands and adds office space, a Star Topology network will support the expansion without the need to redesign the entire setup. When the network expands to several floors or locations, the computers on that floor or location will be connected to a router. Then the router on each floor gets connected to the router on another floor (or in another location) (WikiHow, 2012). The connection between the routers can be done wirelessly or with Ethernet cables. Generally, only one router will connect to the server.


THE MURPHY GROUP NETWORK LAYOUT AFTER THE UPGRADES


SYSTEM COMPARISON BEFORE AND AFTER THE UPGRADES

This was a major upgrade for The Murphy Group. As part of this upgrade, every part of the computer network was analyzed, reviewed and inspected for areas where security, productivity and user experiences could be improved. Below is a comparison of key elements of the network before and after the upgrades.

| | BEFORE THE UPGRADE | AFTER THE UPGRADE |
| --- | --- | --- |
| OPERATING SYSTEM | WORKSTATIONS: WINDOWS XP. SERVERS: WINDOWS SERVER 2003 | WORKSTATIONS: WINDOWS 7. SERVERS: WINDOWS SERVER 2008 R2 |
| CONNECTIONS | HARDWIRED. NO WIRELESS ACCESS. NO REMOTE ACCESS | HARDWIRED INSIDE THE BUILDING. SUPPORT FOR WIRELESS ACCESS. REMOTE ACCESS SUPPORTED THROUGH RADIUS CONNECTION |

OTHER KEY AREAS OF IMPROVEMENT:

- IMPROVED USER EXPERIENCE WITH WINDOWS 7. THIS IS A NEWER OPERATING SYSTEM WITH UPDATED APPLICATIONS AND CONNECTIONS.
- IMPROVED EFFICIENCY RESULTING FROM THE UPDATED SOFTWARE AND OPERATING SYSTEMS.
- IMPROVED SECURITY:
  - FACILITY: USE OF CAMERAS, SECURITY GUARDS, RESTRICTED ACCESS, REQUIRED USE OF KEY FOBS AND SIGNING IN WITH SECURITY OFFICERS
  - COMPUTER SYSTEM: THE ESTABLISHMENT OF AUTHORIZATION REQUIREMENTS INCLUDING PASSCODES, HAND SCANNERS, IRIS SCANNERS


ENTERPRISE AUTHENTICATION

To make sure data is not accessed inappropriately, enterprise authentication continues to be extremely important. To review, The Murphy Group does not allow users to bypass any security policies or practices and any violations will be fully investigated. All employees are expected to adhere to the policies set by the security group and immediately report any breaches of any kind.

To access any computers at The Murphy Group, multifactor authentication is required. To use a computer, users must log onto the computer using their user name, password and a passcode. Employees are often reminded to never share their user names or passwords with anyone, including other employees, and under no circumstances should users attempt to bypass any of the security measures that are in place. After the user has entered their user name and password, access will be authenticated using a security token passcode. Users get this passcode from a key fob that will be provided to them by the network administrator. The key fob will display a number which uniquely identifies the user and allows them to log in (Search Security, 2012). The number automatically changes after a set period of time. The passcode that is obtained from the key fob is entered by the user and compared with the data in a security database. If the data matches, the user may successfully log in to the computer. If the data does not match, the user will be denied access and should inform the network administrator.

While the office will mainly connect with RJ-45 Ethernet cables, after the upgrade users will have the ability to connect remotely via a RADIUS (Remote Authentication Dial-In User Service) connection. To connect using a RADIUS connection, the user must enter the user name and a password (Webopedia, 2012). The user name and passwords are automatically encrypted before they are sent to the RADIUS server across a network. Once the information arrives at the server, the data is checked by the server to make sure the user is allowed to connect to the network. If the user name and/or password do not match data in the RADIUS server, a connection will not be made.
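For the key fob passcode described in this section, the check against the security database can be sketched as follows. This is an added example, not part of the original report: the report does not say which algorithm the fob uses, so the standard time-based one-time password scheme (TOTP, RFC 6238) is assumed, and the user name, 30-second period and one-step drift allowance are constructed.

```python
import hashlib
import hmac
import struct


def hotp(seed, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed, now, step=30, digits=6):
    """RFC 6238: the counter is the number of `step`-second periods since 0."""
    return hotp(seed, int(now) // step, digits)


class TokenDatabase:
    """Stand-in for the security database that the passcode is compared with."""

    def __init__(self, step=30, drift=1):
        self.step = step
        self.drift = drift            # periods of clock drift tolerated each way
        self.seeds = {}               # user -> seed shared with that user's fob
        self.last_counter = {}        # user -> last period already accepted

    def enroll(self, user, seed):
        self.seeds[user] = seed

    def verify(self, user, passcode, now):
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = int(now) // self.step
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter < 0 or counter <= self.last_counter.get(user, -1):
                continue              # a passcode is never accepted twice
            if hmac.compare_digest(hotp(seed, counter), passcode):
                self.last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    db = TokenDatabase()
    db.enroll("mmurphy", b"12345678901234567890")   # RFC 4226 test seed
    code = totp(b"12345678901234567890", now=59)
    print(code, db.verify("mmurphy", code, now=59))  # accepted
    print(code, db.verify("mmurphy", code, now=61))  # same passcode again: denied
```

Recording the last accepted period is what stops a passcode that was observed once from being entered again while it is still inside the drift window.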

DESCRIPTION OF THE CURRENT NETWORK INFRASTRUCTURE AND WEAKNESS (SWOT REVIEW)

Another essential part of this upgrade is to make sure the upgrade addresses any of the weaknesses and threats that were identified in the SWOT (Strengths, Weaknesses, Opportunities and Threats) report and to identify the key personnel responsible for the upgrade. Before The Murphy Group can determine who is responsible for certain aspects of upgrading the system, there must be a clear understanding of what the System Administrator and Network Administrator do.

A System Administrator is responsible for how the computers, servers, networks and computer components all work together. A system administrator figures out how to bring storage from one server, processing from another, backups from a third and networking from a fourth computer all together, working seamlessly (System Administrator Appreciation Day, 2010). System Administrators are responsible for all of the computer systems in a company. Other responsibilities of the System Administrator include:

- Server management including installation, maintenance, and upgrades of any server.
- Preparation for any updates and system installations so all the workstations are standardized.
- Maintaining disk images which are used for standardized installations on new computers and servers.
- Checking to make sure the server data is secured and there are no unauthorized accesses or breaches.
- Training new employees and staff members when the system is updated.
- Repairing computer systems and workstations.
- Creating any computer policies.
- Evaluating, recommending and installing hardware and software.

Basically, it seems that if something deals with a computer or any aspect of how the computer operates, then the System Administrator is in charge of it.

A Network Administrator is responsible for the computer hardware and software systems that make up a computer network (Schneider, 2012). The network administrator is responsible for the deployment, configuration, maintenance and monitoring of networking equipment. The Network Administrator also helps to configure devices when they are added to the network.

To review, this was a list of the weaknesses and threats that were discovered in the SWOT, along with the job title of the personnel responsible for managing that aspect of the upgrade:

| PROBLEM: WEAKNESSES | HOW THE WEAKNESS WAS FIXED | TITLE OF THE PERSON RESPONSIBLE FOR FIXING THE WEAKNESS |
| --- | --- | --- |
| Future network expansion might be more difficult because the network is hardwired, not wireless. | The network continues to be mainly a hardwired system, but now there is support for wireless and remote access. The network uses RADIUS for remote connections and requires authentication for wireless access. | Both the Network and Systems Administrators are responsible for this solution. |
| Cost of upgrading hardware like the physical servers and workstations. Possibility of having to change, replace or upgrade network components like wires and cables. | The cost of upgrading hardware appears to be worthwhile to support operations and expansion. The cost of upgrading network components will be kept to a minimum but any upgrades will also support operations and future expansion. | The Systems Administrator is responsible for this solution. |
| May need to update or replace software and applications that are currently in use. | The operating systems on the workstations will be upgraded from Windows XP to Windows 7. The server will be upgraded from Windows Server 2003 to Windows Server 2008. The organization will benefit from the upgrade. As a result of the upgrade, the company will experience: improved security from safer password practices and authentication; improved efficiency through faster network connections; more positive user experience from a new operating system; more efficient backups from automated backups, offsite storage and safer backup practices. | The Network Administrator is responsible for this solution. |
| This might quickly become a very expensive process. | That possibility must be weighed against leaving the current system in place and discontinuing the upgrade. | Both the Network and Systems Administrators are responsible for this solution. |

| PROBLEM: THREATS | HOW THE THREATS HAVE BEEN FIXED | TITLE OF THE PERSON RESPONSIBLE FOR FIXING THE THREATS |
| --- | --- | --- |
| Will The Murphy Group users accept the upgrades and properly use the system? | Employees should accept the upgrades with minimal, if any, interruptions. Windows 7 offers an improved user experience and the upgrades to the system will make the workstation faster and easier to use. | The Systems Administrator is responsible for this solution. |
| Will there be a chance of a massive failure or the possibility of lost data? Perhaps data that is not compatible with a newer system? | There is a small chance of failure and the possibility of data loss. However, these problems can be minimized by solutions like backing up data before transferring to a new server and only allowing key staff members like the System and Network Administrators to restore data. | Both the Network and Systems Administrators are responsible for this solution. |
| Will all key applications transfer over to a new system? | Applications that do not transfer to the new system are likely outdated already and should be replaced. | The Systems Administrator is responsible for this solution. |
| Does The Murphy Group have finances available in case something unanticipated happens and causes the price of the upgrade to increase beyond what is planned? | Unanticipated problems may arise throughout this process; however, reviewing the upgrade plan, having data backups and planning ahead will help diminish unanticipated disasters. | The Systems Administrator is responsible for this solution. |
| Does the current facility have the ability to handle a new system? (Can it support new wires, power requirements, and physical space issues?) | The current facility will be able to support the upgrades. There are rooms in the building that can be reorganized to accommodate the new system layout, new wires or power supplies. The Murphy Group can hire an outside agency to inspect for and correct any possible electrical problems. | The Systems Administrator is responsible for this solution. |


OPERATING SYSTEM PLATFORM AND COST CONTAINMENT


After the upgrade, all workstations at The Murphy Group will be using Windows 7 operating systems. All servers will be using Windows Server 2008 R2. The Murphy Group will be upgrading all workstations to Windows 7 operating systems from Windows XP. The servers will be upgraded to Windows Server 2008 from Windows Server 2003. The network will be scanned on a regular basis for unlicensed devices or software and anything that is connected inappropriately will immediately be removed or updated to show the proper license. The network will be scanned by the Network Administrator. As devices are added to the network, the Network Administrator will make sure they are properly configured and available only to the necessary personnel. The System Administrator will be responsible for maintaining the many different licenses and negotiating license costs from third party vendors.

MAINTENANCE AND FAULT TOLERANCE

Backing up data is crucial to any organization. To be effective, data should be backed up on a regular basis, should be stored in a centralized location and authorized users must be able to access the backups to restore data when needed. As a good business practice, not all backups should be stored in one physical location because in the event of a major disaster, the company may lose all data and backups. Therefore, The Murphy Group will make regular copies of data and store most of the versions at the office. Additional backups may be stored at a secured location. Essential data files like contracts, personnel files, billing information, etc. will be backed up nightly and stored with a third party online service.

To back up data in the office, The Murphy Group backs up all data using a RAID configuration. A RAID (Redundant Array of Inexpensive Disks) setup allows data to be automatically backed up and should be designed to allow for some degree of fault tolerance. A RAID setup will not prevent system failures. RAID is set up to help eliminate and reduce down time after a failure. Depending on the number of drives being used and how the data is saved to those drives, there are several possible configurations for a RAID setup. The Murphy Group uses a RAID 5 configuration. While this is an expensive setup, it is a very effective configuration to protect against data loss. At least three disks are required to set up a RAID 5 configuration but this is where fault tolerance is determined. With RAID 5, an entire drive can fail and the system will not lose any data. That means there is a high fault tolerance because, even if a drive fails, there are other drives containing the data and those drives can be used to restore data if needed.

To further examine the fault tolerance, it could be useful to review how data is stored to the RAID in the first place. With a RAID, the RAID controller automatically controls the process of saving the data across several drives. For a RAID 5 configuration, when the data is saved to the RAID, it is broken up into data blocks by the RAID controller. Those data blocks are then automatically written to each drive used in the configuration. The process of writing the data to each drive is referred to as striping, which just means that the data is saved the same way to every drive across the RAID.

With RAID 5, when the system suffers some kind of disaster, the computer hosting the RAID is automatically notified of the failure. Since a RAID 5 requires at least three drives, as soon as one drive fails the RAID is immediately degraded to a lesser RAID configuration. That means data will not be saved across multiple drives until the drive that failed is replaced. However, since the data was initially saved to multiple drives, there is very little chance that the data will be completely lost. To repair the failure, there is no need to replace all the drives in the configuration, only the drive that failed. And once that drive is replaced, the RAID configuration will be RAID 5 again (Fowler, 2012). The Systems Administrator and Network Administrator are responsible for the configuration and maintenance of the RAID as well as any data recovery.
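RAID 5 survives the single drive failure described above because every stripe also carries a parity block, the XOR of that stripe's data blocks, so the contents of one missing drive can be recomputed from the drives that remain. The sketch below is an added example, not part of the original report; the three-drive array, the 4-byte block size and the sample data are constructed.

```python
from functools import reduce

BLOCK = 4  # bytes per block; kept tiny so the layout is easy to inspect (assumed)


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe, n_disks):
    """Parity rotates across the drives from one stripe to the next."""
    return (n_disks - 1 - stripe) % n_disks


def write_raid5(data, n_disks=3):
    """Split data into stripes of n_disks-1 data blocks plus one parity block."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three drives")
    stripe_bytes = (n_disks - 1) * BLOCK
    padded = data + b"\x00" * (-len(data) % stripe_bytes)
    disks = [[] for _ in range(n_disks)]
    for stripe, start in enumerate(range(0, len(padded), stripe_bytes)):
        chunks = [padded[start + i * BLOCK:start + (i + 1) * BLOCK]
                  for i in range(n_disks - 1)]
        remaining = iter(chunks)
        for disk in range(n_disks):
            if disk == parity_disk_for(stripe, n_disks):
                disks[disk].append(xor_blocks(chunks))
            else:
                disks[disk].append(next(remaining))
    return disks


def rebuild_disk(disks):
    """Recompute the one failed drive (marked None) from the survivors."""
    failed = [i for i, disk in enumerate(disks) if disk is None]
    if len(failed) != 1:
        raise ValueError("RAID 5 can rebuild exactly one failed drive")
    survivors = [disk for disk in disks if disk is not None]
    return failed[0], [xor_blocks(blocks) for blocks in zip(*survivors)]


def read_raid5(disks, length):
    """Reassemble the data blocks in order, skipping each stripe's parity."""
    n_disks = len(disks)
    out = bytearray()
    for stripe in range(len(disks[0])):
        parity = parity_disk_for(stripe, n_disks)
        for disk in range(n_disks):
            if disk != parity:
                out += disks[disk][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    data = b"Murphy Group contracts and billing"   # constructed sample data
    disks = write_raid5(data)
    disks[1] = None                                 # one drive fails
    index, blocks = rebuild_disk(disks)
    disks[index] = blocks                           # replacement drive is filled
    print(read_raid5(disks, len(data)))
```

With two drives marked as failed, `rebuild_disk` raises an error, which is the limit of RAID 5 and the reason the offsite and online backups described earlier are still needed.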

SUMMARY

This has been a challenging project to review, analyze and upgrade the computer network system of a small business. As part of this project, every aspect of the system was reviewed and scoured for areas to improve. This project took a small business with several older workstations using Windows XP and Server 2003 and upgraded the business to a system using Windows 7, Server 2008, improved networking capabilities, data backups and security. These improvements will help The Murphy Group with operations and expansion for years to come.


REFERENCES:
Microsoft. (2003). Windows XP Professional Features. Retrieved July 15, 2012, from TechNet Library: http://technet.microsoft.com/en-us/library/bb457058.aspx

Microsoft. (2012). Windows Server 2003 Operating Systems. Retrieved July 15, 2012, from Windows Server TechCenter: http://technet.microsoft.com/en-gb/windowsserver/bb429524.aspx

Microsoft. (2012). Windows Server 2008 System Requirements. Retrieved February 27, 2012, from Windows Server: http://technet.microsoft.com/en-us/windowsserver/bb414778

Thurrott, P. (2010). Windows Server 2008 Review. Retrieved July 16, 2012, from http://www.winsupersite.com/: http://www.winsupersite.com/article/productreview/windows-server-2008-review

w3schools.com. (2012, June). OS Platform Statistics. Retrieved July 15, 2012, from OS Platform Statistics: http://www.w3schools.com/browsers/browsers_os.asp

IT Business Edge. (2012). CPU- Central Processing Unit. Retrieved July 21, 2012, from www.webopedia.com: http://www.webopedia.com/TERM/C/CPU.html

Microsoft. (2012). Compare Windows. Retrieved July 24, 2012, from http://windows.microsoft.com: http://windows.microsoft.com/en-us/windows7/products/compare?SignedIn=1

Microsoft. (2012). System Requirements. Retrieved July 21, 2012, from www.windows.microsoft.com: http://windows.microsoft.com/systemrequirements?SignedIn=1

WiseGeek. (2012). What are power supplies? Retrieved July 21, 2012, from www.wisegeek.com: http://www.wisegeek.org/what-are-power-supplies.htm

www.techPowerUp.com. (2007). Thermal Paste and How To Use It. Retrieved July 21, 2012, from www.techpowerup.com: http://www.techpowerup.com/printarticle.php?id=134

Microsoft. (2009). Software Asset Management. Retrieved July 25, 2012, from www.microsoft.com: http://www.microsoft.com/sam/en/us/overview.aspx

Microsoft. (2012). Microsoft Licensing: Fundamentals. Retrieved July 25, 2012, from www.partner.microsoft.com: https://partner.microsoft.com/global/40144006

Microsoft. (2012). Windows Server Delete a User Account. Retrieved July 30, 2012, from www.technet.microsoft.com: http://technet.microsoft.com/enus/library/cc779035(v=ws.10).aspx#BKMK_winui

Peters, C. (2009, March 10). Making Sense of Software Licensing. Retrieved July 25, 2012, from www.techsoup.org: http://www.techsoup.org/learningcenter/software/page11393.cfm

SharePoint Genius. (2009). Creating a New User in Windows Server 2003/ 2008. Retrieved July 30, 2012, from www.sharepointgenius.com: http://www.sharepointgenius.com/create-user-windowsserver/

Toasty Tech. (n/d). Client Server Applications. Retrieved July 25, 2012, from www.toastytech.com: http://toastytech.com/guis/remotecliserver.html

Hudson, B. (2012). How Does Voice Recognition Work? Retrieved August 8, 2012, from www.ehow.com: http://www.ehow.com/how-does_4895460_voice-recognitionwork.html

Inc.com. (2012). Confidentiality Agreement -- Sample. Retrieved August 8, 2012, from www.inc.com: http://www.inc.com/tools/2000/12/21531.html

Search Security. (2012). security token (authentication token). Retrieved August 8, 2012, from www.searchsecurity.techtarget.com: http://searchsecurity.techtarget.com/definition/security-token

Stallings, W. (2012). Operating Systems Internals and Design Principles. Upper Saddle River, New Jersey: Prentice Hall.

Tyson, J. (2012). How Firewalls Work. Retrieved August 8, 2012, from www.howstuffworks.com: http://computer.howstuffworks.com/firewall1.htm

Webopedia. (2012). RADIUS server. Retrieved August 8, 2012, from www.webopedia.com: http://www.webopedia.com/TERM/R/RADIUS.html

Wilson, T. (2012). How Biometrics Works. Retrieved August 8, 2012, from www.howstuffworks.com: http://science.howstuffworks.com/biometrics2.htm

Wilson, T. (2012). How Biometrics Works- Iris Scanning. Retrieved August 8, 2012, from www.howstuffworks.com: http://science.howstuffworks.com/biometrics4.htm

Windows. (2012). Tips for creating a strong password. Retrieved August 8, 2012, from www.windows.microsoft.com: http://windows.microsoft.com/en-ca/windows-vista/Tipsfor-creating-a-strong-password

52

Windows Server. (n.d.). What's New in Security in Windows Server 2008. Retrieved August 8, 2012, from www.technet.microsoft.com: http://technet.microsoft.com/enus/library/cc725998(v=ws.10)

Fowler, S. (2012). Understanding Basic RAID Definitions for Commonly Used Types of RAID. Retrieved August 12, 2012, from http://www.recover-raid.com: http://www.recoverraid.com/RAID_understand.html#R10 Schneider, L. (2012). Network Administrator Profile - What Is a Network Administrator. Retrieved August 12, 2012, from www.jobsearchtech.about.com: http://jobsearchtech.about.com/od/careersintechnology/p/NetAdmin.htm Search Security. (2012). security token (authentication token). Retrieved August 8, 2012, from www.searchsecurity.techtarget.com: http://searchsecurity.techtarget.com/definition/security-token System Administrator Appreciation Day. (2010). What Does a System Administrator Do? Retrieved August 12, 2012, from http://www.sysadminday.com: http://www.sysadminday.com/whatsysadmin.html Webopedia. (2012). RADIUS server. Retrieved August 8, 2012, from www.webopedia.com: http://www.webopedia.com/TERM/R/RADIUS.html WikiHow. (2012). How to Connect One Router to Another to Expand a Network. Retrieved August 12, 2012, from www.wikihow.com: http://www.wikihow.com/Connect-OneRouter-to-Another-to-Expand-a-Network

53

APPENDIX A: Sample Confidentiality Agreement


This Agreement is entered into as of ___________, 20___ between [Company], and __________________________________ ("Employee").

INTRODUCTION
Employee is employed or is contemplating employment with [Company]. In connection with this employment, Employee has had, or will have, access to certain confidential information and trade secrets of [Company], and may in the course of employment with [Company] participate in discovering or conceiving an invention.

As a condition of Employee's employment or continued employment, and effective as of the date that Employee's employment first commenced, Employee agrees as follows:

AGREEMENT

1. Definitions

As used in this Agreement, the following terms shall have the following meanings:

"Agreement" means this Agreement and any attachments hereto, and any modifications that are made to this Agreement in accordance with the terms hereof;

"[Company]" means [Company] and [Company]'s parent company and other subsidiaries or affiliates thereof.

"Employee's employment" means Employee's employment with [Company] or any other [Company] company or entity.

"Invention" means any invention, discovery, know-how, idea, trade secret, technique, formula, machine, method, process, use, apparatus, product, device, composition, code, design, program, confidential information, proprietary information, or configuration of any kind, which is discovered, conceived, developed, made or produced by Employee (alone or in conjunction with others) during the duration of Employee's employment, and which:

a) Relates at the time of conception or reduction to practice of the Invention, in any manner, to the business of [Company], including actual or demonstrably anticipated research or development; or
b) Results from or is suggested by work performed by Employee for or on behalf of [Company]; or
c) Results, in whole or in part, from the use of equipment, supplies, facilities, information, time or resources of [Company].

The term "Invention" shall also include any improvements to an Invention. The term "Invention" shall not be limited to the definition of a patentable or copyrightable invention as contained in the United States patent or copyright laws.

"Information" means (1) all information encompassed in all Inventions, and (2) all forms and types of financial, business, scientific, technical, economic, sales, marketing or engineering information of [Company] that is not generally available to the public at large with the knowledge and consent of [Company], regardless of whether such information would be enforceable as a trade secret or the copying of which would violate copyright or patent laws or be enjoined or restrained by a court as constituting unfair competition. "Information" shall be interpreted broadly, and includes, without limitations, strategic and business plans, financial information, sales information, projections, pricing information, proposals, client lists, customer lists, prospect lists, research, experiments, records, reports, recipes, formulas, recommendation, manuals, policies, findings, evaluations, forms, computer algorithms, designs, drawings, specifications, evaluations, computer programs, prototypes, methods, processes, procedures, research and development efforts, business opportunities, software or other confidential information or proprietary property, and whether stored, compiled, or memorialized physically, electronically, photographically, or in writing.

2. Inventions

2.1 Disclosure. Employee shall disclose promptly to [Company] each Invention, whether or not reduced to practice, which is conceived or learned by Employee (either alone or jointly with others) during the term of Employee's employment. Further, Employee shall disclose in confidence to [Company] all patent applications filed by or on behalf of Employee during the term of Employee's employment and for a period of three years thereafter.

2.2 [Company] Property; Assignment. Employee acknowledges and agrees that all Inventions made, written, discussed, developed, secured, obtained or learned by Employee during the term of the relationship and the 60-day period immediately following termination of the relationship shall be the sole property of [Company], including without limitation all domestic and foreign patent rights, rights of registration or other protection under the copyright laws, or other rights, pertaining to the Inventions. Employee further agrees that all services, products and Inventions that directly or indirectly result from engagement with [Company] shall be deemed works for hire as that term is defined in Title 17 of the United States Codes and accordingly all rights associated therewith shall vest in [Company]. Notwithstanding the foregoing, Employee hereby assigns all Employee's right, title and interest in any such services, products and Inventions to [Company], in the event any such services, products and Inventions shall be determined not to constitute works for hire.

2.3 Exclusion Notice. Employee is not required to assign an idea or invention for which all of the following are applicable:

a) No equipment, supplies, facility, or trade secret information of [Company] were used and the invention or idea was developed entirely on Employee's own time, and
b) The invention or idea does not relate to the business of [Company], and
c) The invention or idea does not relate to [Company]'s actual or demonstrably anticipated research or development, and
d) The invention or idea does not result from any work performed by Employee for [Company].

Employee has set forth on Exhibit A hereto a complete list of all inventions, if any, patented or unpatented, copyrighted or not copyrighted, including numbers of all patents and patent applications, and applications for copyright protection and registration, and a brief description of all unpatented inventions, which Employee has made prior to Employee's employment and which are to be excluded from the scope of this Agreement. Any patentable improvements made on the listed inventions after the commencement of Employee's employment shall be within the scope of this Agreement. In the event Employee does not list any such Inventions on Exhibit A or fails to attach an Exhibit A, there shall conclusively be deemed to be no inventions to be excluded from the scope of this Agreement.

As used in this Section 2.3, invention shall mean:

2.4 Time of Invention; Presumption. For the purpose of this Agreement, an Invention is deemed to have been made during the term of Employee's employment if the Invention was conceived or first actually reduced to practice during the term of such employment. Employee agrees that any disclosures of an invention or any patent application made within one year after termination of Employee's employment shall be presumed to relate to an Invention which was made during the term of Employee's employment unless Employee provides compelling evidence to the contrary.

2.5 Patents and Copyrights; Attorney-in-Fact. Employee hereby irrevocably appoints [Company], and its duly authorized officers and agents, as Employee's agent and attorney-in-fact to act for Employee in filing all patent applications, applications for copyright protection and registration amendments, renewals, and all other appropriate documents in any way related to the Inventions. In addition, Employee agrees to assist [Company] in any way [Company] deems necessary or appropriate (at [Company]'s expense) from time to time to apply for, obtain and enforce patents on, and to apply for, obtain and enforce copyright protection and registration of, the Inventions in any and all countries. To that end, Employee shall (at [Company]'s request) without limitation, testify in any suit or other proceeding involving any of the Inventions, execute all documents which [Company] reasonably determines to be necessary or convenient for use in applying for and obtaining patents or copyright protection and registration thereon and enforcing same, and execute all necessary assignments thereof to [Company] or parties designated by it. Employee's obligation to assist [Company] in obtaining and enforcing patents or copyright protection and registration for the Inventions shall continue beyond the termination of Employee's employment. During Employee's employment, [Company] shall not be required to provide Employee any additional compensation for services provided for in this section. [Company]'s obligation to compensate Employee following termination of Employee's employment for Employee's compliance with this section shall be limited to a reasonable rate per hour (not to exceed the equivalent of Employee's hourly rate, computed on the basis of Employee's base salary as of the date of termination) for time actually spent by Employee on such assistance at [Company]'s written request.

3. Use of [Company] Information


3.1 Acknowledgment of Proprietary Interest in Information. Employee acknowledges and agrees that any and all Information, whether developed by Employee alone or in conjunction with others, or by other [Company] employees, or otherwise acquired by [Company], is the sole and exclusive property of [Company]. Employee hereby disclaims any proprietary interest in any such Information.

3.2 Confidentiality Obligation. Employee acknowledges and agrees that [Company] is entitled to prevent the disclosure of Information. Accordingly, in consideration of [Company]'s agreement to employ Employee and pay Employee compensation for services rendered, Employee agrees at all times during employment with [Company] and thereafter to hold in strictest confidence, and not to disclose or allow to be disclosed to any person, firm, or corporation, other than to persons engaged by [Company] to further the business of [Company], and in any case, not to disclose, use, copy, publish, summarize, or remove from the premises of [Company] any Information, including Information developed by Employee except (a) as necessary to carry out my assigned responsibilities as an [Company] employee, and (b) after termination of employment, only as specifically authorized in writing by an officer of [Company].

3.3 Return of Materials at Termination. In the event of the termination, for any reason, of Employee's employment, Employee will promptly deliver to [Company] all documents, data, and other information pertaining to Inventions and Information; and Employee shall not take any documents, or other information, or any reproduction or excerpt thereof, containing or pertaining to any Information or Inventions.


4. Confidential Information of Others

Employee acknowledges the existence of the Economic Espionage Act, 18 U.S.C. 1831 et seq. (EEA), which prohibits Employee from misappropriating trade secrets of others for the economic benefit of [Company]. Employee agrees, as a condition of employment with [Company], to comply with the provisions of the EEA. If Employee possesses any confidential, trade secret or proprietary information or documents belonging to others, Employee will not use, disclose to [Company] or induce [Company] to use, any such information or documents during employment by [Company], and will not bring onto [Company] premises any unpublished document or any other property belonging to any former employer or third parties without the written consent of the affected party. Employee represents and warrants that employment by [Company] will not require Employee to violate any obligation to or confidence with any other party, and that Employee has not as of the date of signing this Agreement, provided to any employee or agent of [Company] any trade secret, confidential or proprietary information of others.

5. Business Opportunities

During the terms of this Agreement, if Employee becomes aware of any project, investment, venture, business or other opportunity (any of the preceding, collectively referred to as an Opportunity) that is similar to, competitive with, related to, or in the same field as Employer, or any project, investment, venture, or business of Employer, then Employee shall so notify Employer immediately in writing of such Opportunity and shall use Employee's good-faith efforts to cause Employer to have the opportunity to explore, invest in, participate in, or otherwise become affiliated with such Opportunity.

6. Non-Filing

Employee specifically agrees that Employer's rights granted hereunder shall include the right not to file for copyrights or domestic or foreign patents when such is considered by Employer in its sole discretion appropriate for the business objectives of Employer.

7. Non-Competition

Employee agrees that, during employment with [Company], Employee will not directly or indirectly compete with [Company] in any way, and will not act as an officer, director, employee, consultant, lender, or agent of any entity which is engaged in any business of the same nature as, or in competition with, the business in which [Company] is now engaged or in which [Company] becomes engaged during the term of Employee's employment. Employee further agrees to perform for [Company] such duties as it may designate from time to time, and will devote his or her full time and best efforts to the business of [Company].


8. Non-Solicitation

Employee agrees that during Employee's employment with [Company] and for [_______ (_) years] following the termination, for any reason, of employment, Employee shall not, either on Employee's behalf or on behalf of any other person or entity, directly or indirectly (i) hire, solicit or encourage or induce any employees, directors, consultants, contractors or subcontractors to leave the employ of [Company], or (ii) solicit, induce, encourage or entice away or divert any person or entity which is then a customer of [Company] and which was a customer of [Company] during the time of Employee's employment.

9. Employment At-Will

Nothing in this Agreement is intended to alter Employee's status as an at-will employee. Accordingly, notwithstanding any other term of this Agreement, either Employee or [Company] may terminate Employee's employment for any reason, at any time, with or without notice. Similarly, Employee may terminate their employment at any time, for any reason and without notice. The at-will nature of Employee's employment can be changed only by a written agreement signed by an officer of [Company].

10. General Provisions

8.1 Entire Agreement. This Agreement represents the entire agreement between Employee and [Company] with respect to the subject matter hereof, superseding all previous oral or written communications, representations, understandings or agreements relating to this subject. This Agreement may be changed only by a written agreement signed by an officer of [Company].

8.2 Successors and Assigns. The rights and remedies of [Company] under this Agreement shall inure to the benefit of the successors, assigns and transferees of [Company]. Employee shall have no right to assign, transfer or otherwise dispose of his right, title and interest in and to any part of this Agreement or to assign the burdens hereof, without the prior written consent of [Company].

8.3 Remedies Upon Breach. Employee acknowledges and agrees that damages will not be an adequate remedy in the event of a breach of any of Employee's obligations under this Agreement. Employee therefore agrees that [Company] shall be entitled (without limitation of any other rights or remedies otherwise available to it and without the necessity of posting a bond) to obtain an injunction from any court of competent jurisdiction prohibiting the continuance or recurrence of any breach of this Agreement. The failure of [Company] to promptly institute legal action upon any breach of this Agreement shall not constitute a waiver of that or any other breach hereof. This provision supersedes and controls over any language set forth in an arbitration agreement with regards to the subject matter of this agreement only.

8.4 Attorneys' Fees. In the event of any litigation concerning any controversy, claim or dispute between the parties hereto, arising out of or relating to this Agreement or the breach hereof, or the interpretation hereof, the prevailing party shall be entitled to recover from the losing party reasonable expenses, attorneys' fees, and costs incurred therein or in the enforcement or collection of any judgment or award rendered therein. The "prevailing party" means the party determined by the court to have prevailed, even if such party did not prevail in all matters, not necessarily the one in whose favor a judgment is rendered. Further, in the event of any default by a party under this Agreement, such defaulting party shall pay all the expenses and attorneys' fees incurred by the other party in connection with such default, whether or not any litigation is commenced.

8.5 Severability. The illegality, unenforceability or invalidity of any one or more covenants, phrases, clauses, sentences or paragraphs of this Agreement, as determined by a court of competent jurisdiction, shall not affect the remaining portions of this Agreement, or any part thereof; and in case of any such illegality, unenforceability or invalidity, this Agreement shall be construed as if such illegal, unenforceable or invalid covenants, phrases, clauses, sentences or paragraphs, had not been inserted.

8.6 Survivability. The terms and conditions of this Agreement shall survive the termination of Employee's Employment.

8.7 Waiver. The waiver by [Company] of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any subsequent breach of the same or any other provision hereof.

8.8 Applicable Law. The laws of __________ shall govern this Agreement. Employee hereby submits to the jurisdiction and venue of the courts of the State of __________, County of __________, for purposes of any such action, and expressly waives any objections to jurisdiction or venue in __________, __________. Employee further agrees that service upon Employee in any such action or proceeding may be made by first class mail, certified or registered, to Employee's address as last appearing on the records of [Company].

8.9 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute a single integrated document.

8.10 Drafting Ambiguities. Each party to this Agreement has reviewed and had the opportunity to revise this Agreement. Each party to this Agreement has had the opportunity to have legal counsel review and revise this Agreement. The rule of construction that any ambiguities are to be resolved against the drafting party shall not be employed in the interpretation of this Agreement or of any amendments or exhibits to this Agreement.

8.11 Notices. Any notices provided by one party to the other under the terms of this Agreement shall be hand-delivered or mailed by certified mail to the following, or to such other recipients as that party may designate, in writing:

To [Company]:

To Employee:

IN WITNESS WHEREOF, the parties hereto duly executed this Agreement as of the date first above written.

[COMPANY]:

EMPLOYEE:

By:

(Printed Name) (Printed Name)

Title: Date: Date:

8.12 Receipt of Copy. Employee hereby acknowledges that he/she has received a signed copy of this Agreement.

EXHIBIT A

(Excluded Inventions, Improvements, and Original Works of Authorship) (Section 2.5)

TITLE

DATE

IDENTIFYING NUMBER Or Brief Description
