CHISHOLM INSTITUTE Information Technology and Computer Systems Student Name: Student ID: Date: Start Time: Finish Time: This assessment should take approximately 8 hours. Network Administration Due: 02/11/15 Assessment Units ICTICT511, ICTNWK505, ICTNWK525, ICTNWK529, ICTNWK535, ICTNWK602, ICTNWK615, ICTPMG501, ICTSUS5187A Part A: Written Report Operating System Research, Selection and Planning, Security Solutions   1 DESCRIPTION OF TASKS – PLEASE READ CAREFULLY 1.1 OVERVIEW You have been given the task of planning the implementation of a server running Microsoft Windows Server 2012 R2. As part of future upgrade plans, you will be required to setup and configure a Microsoft Windows Server 2012. To allow you to successfully complete the tasks, you are required to carry out research on Windows server 2012. The research covers: • The various editions available and their features • Hardware requirements and information for each edition • Compatibility checks • Licensing options • Installation options • Planning for migration • Default step by step installation plan 1.2 CLIENT BRIEF You're installing a new network for Einhorn Engineering, a new manufacturing business. There will be 15 client computers running Windows 8.1 and Einhorn Engineering plans to run a Web-based order processing/inventory program that, for now, will be used only by in-house employees while they are onsite. Einhorn Engineering wants to be able to manage client computer and user policies as well as share documents among employees. Einhorn Engineering require their employees to have access to the internet, they have one business grade ADSL2 connection. Growth is expected, but the budget is tight, so the company needs to purchase only what's necessary to get running and leave high-end server features, such as hot-add and hot-replace hardware, for future consideration.   2 OS RESEARCH 2.1 EDITION OVERVIEW Provide an overview of each of the editions of Windows Server 2012 R2. Include Hyper-V Server 2012 R2 in your overview. No more than half a page of information on each, no less than two paragraphs on each. 2.2 BEST PURPOSE OF EDITIONS For each edition of Windows Server 2012 R2, provide an example scenario (describe the client requirements) where that edition is the best choice. 2.3 MINIMUM HARDWARE REQUIREMENTS Outline the minimum hardware requirements for installing each edition of Windows Server 2012 R2. 2.4 SYSTEM SIZING Comment on how the hardware configuration may vary depending on the services the server is providing. Provide at least four factors to consider when sizing hardware. 2.5 HARDWARE COMPATIBILITY CHECK PURPOSE Explain why it is important to perform a hardware compatibility check prior to installation, especially when upgrading from Server 2008 to Server 2012 R2. Provide at least three risks and their potential consequences for an installation that does not perform a hardware compatibility check. 2.6 HARDWARE COMPATIBILITY CHECK INSTRUCTIONS Outline how a hardware compatibility check can be undertaken. Provide at least three methods. Provide links to resources. 2.7 OS LICENSING Describe how the editions of Windows Server 2012 are licensed, include indicative list prices. Identify a server role that requires additional licensing. 2.8 CLIENT ACCESS LICENSING Define and describe the following licensing options. Detail which editions of Windows Server 2012 R2 they are applicable to, and include indicative list prices. • Windows Device CAL • User-based CAL 3 SELECTION 3.1 SELECT OS EDITION Using the information from your research, and the Client Brief, select a suitable edition of Windows Server 2012 R2. 3.2 SELECT OS ROLES AND FEATURES Using the information from your research, and the Client Brief, identify roles and features that would be required and why they are required. Provide at least 5. 3.3 SELECT SERVER HARDWARE Using the information from your research, and the Client Brief, select a suitably configured server. Include the list price. 4 INSTALLATION PLANNING 4.1 OH&S COMPLIANCE Identify at least 5 OH&S hazards and how you plan to mitigate their risks. 4.2 INSTALLATION OPTIONS Explain the following options available when installing Server 2012 R2 Standard edition and outline when and why you would use each of them: • Clean install • Upgrade 4.3 SERVER MIGRATION Outline step by step how you would migrate from Server 2008 to Server 2012 R2 Standard Edition across all your servers to minimise the impact on the network availability and the users. Note: This section is to address how you would plan for the migration to maximise its potential for success, as opposed to the actual installation/upgrade steps on the servers. 4.4 DATA MIGRATION Identify tools that would aid in migrating data from legacy systems (such as user profiles, data on fileservers, or MS SQL Server databases). Provide at least 2. 4.5 GANTT CHART Include a simple Gantt chart that outlines the key activities and effort (hrs) involved in the installation of the proposed server. 5 PROPOSAL 5.1 TOTAL COST Using information from your research, selections made and planning provide an overall cost estimate that includes all labour, hardware and software (including client licenses). Include a cost breakdown. 6 NETWORK, SECURITY AND DESIGN REPORT 6.1 REQUIREMENTS - WHAT, WHY AND HOW MUCH Einhorn Engineering often works with an Australian government agency. The owner Bob thinks that it would be suitable for Einhorn Engineering's security standards to be on par with that of their major customers. For any projects to be successful you know that some initial requirements gathering will be necessary. 6.1.1 Provide Bob with a link to the Australian Government Information Security Manual Controls. 6.1.2 Explain the requirement gathering process 6.1.3 Identify who the key (10 most important) client stakeholders may be (by generic job titles) 6.1.4 Provide 15 example security requirements gathering questions 6.2 RISKS, VULNERABILITIES AND CONTROLS Bob wants to educate IT Steering on the real risks that exists, but he doesn't want to leave them feeling helpless. Instead he wants to educate them about controls. 6.2.1 Explain some (minimum 5) of the general types of risk (not all technical) that good security will help protected against. 6.2.2 Explain the generic types of security controls 6.2.3 Provide 5 specific example risks, of different types. For each of the example risks, describe controls and mitigations. 6.2.4 Provide 3 URLs to security vulnerability advisories / databases 6.2.5 What are zero day vulnerabilities? 6.2.6 If all protocols/products sooner or later have vulnerabilities, how can you mitigate this risk? 6.3 INCIDENT DETECTION AND RESPONSE Bob is concerned about being prepared for a security incident. Especially as mandatory reporting of data breaches is topical. 6.3.1 What is the status of legal requirements for mandatory reporting of a data breach in Australia? a) for government agencies b) for private companies 6.3.2 Explain intrusion detection and recovery procedures Bob was impressed by the procedures published at https://cert.societegenerale.com/en/publications.html . He was hoping that you could summarise a generic procedure in a few lines, something that would fit on a power point slide. 6.4 SECURITY BASELINE One of the first projects will doubtless be a security baseline. If it isn't you will push hard for it, otherwise how will we be able to demonstrate what a fantastic job we have done, and how many improvements there are? The security baseline will involve an audit and penetration test, we want to introduce these concepts to IT Steering. 6.4.1 Briefly outline auditing and penetration testing techniques. 6.5 NETWORK SERVICE SECURITY ANALYSIS AND DESIGN Bob wants to identify solid benefits for his business case, but he doesn't want to risk over-promising either. He wants to perform a preliminary analysis of a handful of network services. He intends to use some of the results directly in his presentation. The network services that Bob has selected are: DNS, web, mail, FTP and firewall. You think that the selection could be improved, but Bob has already tabled the abstract of his report, so that is that. Bob has supplied you with some network diagrams and technical documentation. You have analysed the documentation. You now need to provide recommendations for the targeted network services. 6.5.1 WEB and Firewall Information from documentation: • There one web server POMPWS01 located in the DMZ network zone. • POMPWS01 is hosting the company's external website. • POMPWS01 is hosting the company's intranet website. • POMPWS01's IIS is version 8.5. • POMPWS01's IIS is only using the default application pool. Your tasks: a) describe 3 potential product or configuration security vulnerabilities, provide links b) provide a link to best practice configuration guidelines c) identify 3 alternate products that may be more suitable, say why and provide links d) summarise proposed (high priority) changes into 5 bullet points 6.5.2 FTP and Firewall Information from documentation: • Einhorn Engineering uses FTP for exchanging large files with business partners. • Einhorn Engineering runs the Windows IIS 8.5 FTP service on POMPWS01. • Einhorn Engineering uses Domain User accounts for FTP authentication. Your tasks: a) describe 3 potential product or configuration security vulnerabilities, provide links b) provide a link to best practice configuration guidelines c) identify 3 alternate products that may be more suitable, say why and provide links d) summarise proposed (high priority) changes into 5 bullet points 6.5.3 DNS and Firewall Information from documentation: • Einhorn Engineering has three DNS servers. • POMPDNS02 serves external DNS queries. • POMPDNS02 is a standalone WS2012R2 server in the DMZ. • POMPDNS02 is the only DNS server for Einhorn Engineering's external domain name. • POMPDC01 and POMPDC02 serve internal DNS (Active Directory integrated). Your tasks: a) describe 3 potential product or configuration security vulnerabilities, provide links b) provide a link to best practice configuration guidelines c) identify 3 alternate products that may be more suitable, say why and provide links d) summarise proposed (high priority) changes into 5 bullet points 6.5.4 Mail and Firewall Information from documentation: • Einhorn Engineering are planning on installing Exchange Client Access Server to be able to run Outlook Web Access. • Einhorn Engineering are not sure which network zone to place the server in. • You recall an article that you read recently: http://www.denyall.com/securityblog/securing-outlook-web-access/ Your tasks: a) describe 3 potential product or configuration security vulnerabilities, provide links b) provide a link to best practice configuration guidelines c) identify 3 alternate products that may be more suitable, say why and provide links d) summarise proposed (high priority) changes into 5 bullet points 6.5.5 Firewall Information from documentation: • Einhorn Engineering's firewall system has not evolved with the growth of the company. • They are intending to renew their firewall infrastructure. • Einhorn Engineering's perimeter firewall is a Cisco ASA 5520. • Einhorn Engineering's internal firewall is a Windows 2012R2 server. Your tasks: a) describe 3 potential product or configuration security vulnerabilities, provide links b) provide a link to best practice configuration guidelines c) identify 3 alternate products that may be more suitable, say why and provide links d) summarise proposed (high priority) changes into 5 bullet points 7 DOCUMENTATION REQUIREMENTS At the completion of the research, you are to submit your documentation in the form of a report. The report should be word processed, professionally written and presented, proof read, and should address all of the tasks outlined above. The report must contain a title page, a table of contents, have a heading for each task and sub-task (you could use this document as a template), screen shots or diagrams must be included under the relevant headings (not submitted as separate files, or the report will not be marked), whole sentences and proper grammar must be used, material that is copied from the internet must be attributed and include a link at the point that it is used (a list of links at the end of the document is not acceptable), material that is copied from the internet must not compose more than 30% of the content of this report. Instructor Use Only: Task Yes No 2.1 Edition Overview 2.2 Best Purpose of Editions 2.3 Minimum Hardware Requirements 2.4 System Sizing 2.5 Hardware Compatibility Check Purpose 2.6 Hardware Compatibility Check Instructions 2.7 OS Licensing 2.8 Client Access Licensing 3.1 Select OS Edition 3.2 Select OS Roles and Features 3.3 Select Server Hardware 4.1 OH&S Compliance 4.2 Installation Options 4.3 Server Migration 4.4 Data Migration 4.5 Gantt Chart 5.1 Total Cost 6 Network, Security and Design Report 6.1 Requirements 6.2 Risks, Vulnerabilities and Controls 6.3 Incident detection and response 6.4 Security Baseline 6.5 Network Service Security Analysis and Design 7 Documentation Requirements Competent Not yet competent Re-assessment required See Below Signed (by Instructor) Date   If you have been assessed as "Not yet competent" an opportunity for you to be re-assessed has been made available. Please sign below to acknowledge re- assessment time. Reason for reassessment _________________________________________________________________________ _________________________________________________________________________ _________________________________________________________________________ _________________________________________________________________________ _________________________________________________________________________ Re-assessment Date Time Location Student signature Competency Assessment - Tasks Competent Not Competent Organization • Presented in a thoughtful manner; • Well organized; • Logical format that was easy to follow; • Flowed relatively smoothly from one idea to another; • Most transitions were easy to follow; • The organization enhanced the effectiveness of the project • Somewhat organized; • Ideas were not presented coherently and transitions were not smooth, which distracted the audience; • Choppy and at times, confusing and difficult to follow; • Transitions of ideas were, on occasions, were abrupt Content Accuracy • Mostly accurate; • The occasional inconsistency or error in information; • Facts were mostly accurate and clear • Somewhat accurate; more than a few inconsistencies or errors in information • Facts in this project were misleading to the audience Research • Did a very good job of researching; • Utilized materials provided to their full potential; • Utilised various types of research to enhance project; • At times took the initiative to find information outside of school • Did not use the material provided in an acceptable manner, and did not consult any additional resources; • Did not utilize resources effectively; did little or no fact gathering on the topic Creativity • Was clever at times; • Thoughtfully and very well presented; • On occasions, had a unique approach that enhanced the project • Added some original touches to enhance the project but did not incorporate it throughout; • Little creative energy used during this project; was bland, predictable, and lacked "zip" Presentation Mechanics • Was well done and interesting to the audience; • Was presented in a unique manner and was very well organized; • Some use of visual aids • Was rarely interesting and not presented clearly and precisely; • Limited variety of visual aids and visual aids were not colourful or clear; • Was not organized effectively; • Was not easy to follow and did not keep the audience interested