System Analysis And Design 11e Critical Thinking Challenge Chapter 10

Chapter 10: System Architecture

Critical Thinking Challenge: Tasks Page

Note to Students: After you complete the Practice Tasks, click here to view the sample answers and check your work. Your answers might vary from these examples and still be correct. The intent is to give you a sample to guide you and serve as a reference. When you complete the Practice Tasks and review the sample answers, please return to this page and complete the Challenge Tasks.

Background

The IT team at Game Technology is working on an overall architecture for the new C3 system. They solicited RFPs from several hardware vendors, and decided to work with Network Illusions, a well-known local firm. Your job is to help analyze the server test results, and to draw network diagrams when requested.

The Network Illusions sales rep recommended a Model DX server for the C3 network, and submitted the following data, which shows projected network response times for various numbers of Game Technology users:

Projected Data: Server Model DX

Number of Users       10    20     30    40     50
Response Time (sec)   .01   .015   .02   .025   .03

Practice Tasks

Task 1. Using the data provided, create an XY chart that shows Response Time on the Y (vertical) axis and Number of Users on the X (horizontal) axis. You learned about XY charts in Chapter 2 of your textbook. Describe the results and your interpretation of the data.

Task 2. Draw a bus network with a server, six workstations, a printer, a scanner, and a wireless access point (WAP). Also, determine how many separate data paths are needed in a mesh network with four nodes. Five nodes?

Challenge Tasks

After you complete the Practice Tasks, you learn about new developments at Game Technology. Although the spec was for a Model XP server, Network Illusions delivered a newer model, called the DX+. The vendor sales rep said that performance would be the same or better, but the IT team decided to run a series of response time tests. The results are as follows:

Projected Data: Server Model DX+

Number of Users       10    20     30    40    50
Response Time (sec)   .01   .015   .02   .03   .05

Task 1. Use the actual test data to create another XY chart, similar to the first one. Describe the results and your interpretation of the data.

Task 2. Draw the same network as a star topology with a central switch. Also determine how many separate data paths are needed in a mesh network that has six nodes.

Chapter 10: System Architecture

Note to Students: After you complete the Practice Tasks and review the sample answers, please click here to return to the Tasks page and complete the Challenge Tasks.


Critical Thinking Challenge: Sample Answers Page

Sample Answers

Task 1. Using the data provided, create an XY chart that shows Response Time on the Y (vertical) axis and Number of Users on the X (horizontal) axis. You learned about XY charts in Chapter 2 of your textbook. Describe the results and your interpretation of the data.

Projected Data: Server Model DX

Number of Users       10    20     30    40     50
Response Time (sec)   .01   .015   .02   .025   .03

When the projected data on Server Model DX is plotted, it reveals a linear relationship where the response time closely correlates to the number of users. As the number of users grows, the response time increases proportionately. Given this relationship, we project that the server offers stable and predictable performance across the range of users specified.

Further analysis would be required to determine at what point, if any, this model’s performance changes from a predictable linear relationship to something else. This point is sometimes referred to as the “knee” in the curve. For example, at a certain point, the response time could begin to climb exponentially.

Task 2. Draw a bus network with a server, six workstations, a printer, a scanner, and a wireless access point (WAP). Also, determine how many separate data paths are needed in a mesh network with four nodes. Five nodes?

To determine the number of paths, you can just draw a sketch and count the paths. This works with relatively small numbers, but not so well if there are dozens or hundreds of nodes. For example, in Figure 10-28 on page 428, there are five nodes, including the server, and a total of ten data paths.

If you are math-oriented, you can use a formula to determine the number of data paths. This formula is commonly used to analyze permutations and combinations of values. Here’s how it works: Assume that the number of nodes is represented by “N.” The formula for the number of data paths is:

    N * (N - 1) / 2

Therefore, with four nodes, we have

    4 * (4 - 1) / 2

or

    12 / 2 = 6

With five nodes, we have

    5 * (5 - 1) / 2

or

    20 / 2 = 10

Management Of Information Technology

IT 550 Case Study Two Rubric

The KLM Airlines case study (in Chapter 8 of Managing and Using Information Systems) provides an overview of the business of information technology, organizational maturity, and IT funding models. Read Case Study 8-1, “KLM Airlines,” in Chapter 8 of the textbook, and answer all four questions regarding the decision by KLM’s leadership to move to a governance structure. Answer the following questions, which represent the specific critical elements that must be addressed for this assignment:

• Structure: What is likely to have led to increased trust for the IT organization?

• Expenses: What might explain why an item that is seemingly quite unrelated to IT (costs per kilometer flown) decreased as a result of the new CIO structure?

• Maturity: What maturity level did KLM appear to exhibit (a) in 2000 and (b) in 2011? Why?

• Standards: Why do you think that KLM requires its employees to use a standard business case template when they want to make an investment?

• Research: Incorporate external research to support your position.

Guidelines for Submission: The case study must follow these formatting guidelines: double spacing, 12-point Times New Roman font, one-inch margins, and APA citations. Page length requirements: two to three pages, not including cover page and references.

Critical Elements, with the criteria for each rating level and the value of each element:

Structure (Value: 20)
  Exemplary (100%): Meets “Proficient” criteria and extends explanation to include additional reasons
  Proficient (90%): Explains why the new KLM structure increased trust within the company for the IT organization
  Needs Improvement (70%): Minimally explains why the new KLM structure increased trust within the company for the IT organization
  Not Evident (0%): Does not explain why the new KLM structure increased trust within the company for the IT organization

Expenses (Value: 20)
  Exemplary (100%): Meets “Proficient” criteria and extends explanation to include compelling research
  Proficient (90%): Describes why a seemingly unrelated IT cost, costs per kilometer flown, decreased as a result of the new structure
  Needs Improvement (70%): Minimally describes why a seemingly unrelated IT cost, costs per kilometer flown, decreased as a result of the new structure
  Not Evident (0%): Does not describe why a seemingly unrelated IT cost, costs per kilometer flown, decreased as a result of the new structure

Maturity (Value: 20)
  Exemplary (100%): Meets “Proficient” criteria and extends explanation to include compelling research
  Proficient (90%): Explains why the KLM maturity level changed from 2000 to 2011
  Needs Improvement (70%): Minimally explains why the KLM maturity level changed from 2000 to 2011
  Not Evident (0%): Does not explain why the KLM maturity level changed from 2000 to 2011

Standards (Value: 20)
  Exemplary (100%): Meets “Proficient” criteria and exemplifies the position taken
  Proficient (90%): Describes why KLM moved to a standard business case template when making an investment
  Needs Improvement (70%): Minimally describes why KLM moved to a standard business case template when making an investment
  Not Evident (0%): Does not describe why KLM moved to a standard business case template when making an investment

Research (Value: 10)
  Exemplary (100%): Meets “Proficient” criteria and exemplifies the position taken
  Proficient (90%): Incorporates external research that supports and is directly relevant to selected position
  Needs Improvement (70%): Incorporates external research that indirectly supports the selected position
  Not Evident (0%): Does not incorporate external research

Articulation of Response (Value: 10)
  Exemplary (100%): Submission is free of errors related to grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format
  Proficient (90%): Submission has no major errors related to grammar, spelling, syntax, or organization
  Needs Improvement (70%): Submission has major errors related to grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
  Not Evident (0%): Submission has critical errors related to grammar, spelling, syntax, or organization that prevent understanding of ideas

Total: 100%

Security Risk Management Lab Homework

Student Lab Manual

Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company. Current Version Date: 05/30/2011. www.jblearning.com. All Rights Reserved.

Laboratory #1

Lab 1: How to Identify Threats & Vulnerabilities in an IT Infrastructure

Learning Objectives and Outcomes

Upon completing this lab, students will be able to:

• Identify common risks, threats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure

• Align risks, threats, and vulnerabilities to one of the seven domains of a typical IT infrastructure

• Given a scenario, prioritize risks, threats, and vulnerabilities based on their risk impact to the organization from a risk assessment perspective

• Prioritize the identified critical, major, and minor risks, threats, and software vulnerabilities found throughout the seven domains of a typical IT infrastructure

Required Setup and Tools

This is a paper-based lab and does not require the use of the ISS “mock” IT infrastructure or virtualized server farm.

The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is required for this lab. Students will need access to Lab #1 – Assessment Worksheet Part A (a list of 21 risks, threats, and vulnerabilities commonly found in an IT infrastructure) and must identify which of the seven domains of a typical IT infrastructure the risk, threat, or vulnerability impacts.

In addition, Microsoft Word is a required tool for the student to craft an executive summary for management summarizing the findings and alignment of the identified risks, threats, and vulnerabilities that were found.

Recommended Procedures

Lab #1 – Student Steps: Student steps needed to perform Lab #1 – Identify Threats and Vulnerabilities in an IT Infrastructure:

1. Connect your removable hard drive or USB hard drive to a classroom workstation.

2. Boot up your classroom workstation and DHCP for an IP host address.

3. Log in to your classroom workstation and enable Microsoft Word.

4. Review Figure 1 – Seven Domains of a Typical IT Infrastructure.


5. Discuss how risk can impact each of the seven domains of a typical IT infrastructure: User, Workstation, LAN, LAN-to-WAN, WAN, Remote Access, Systems/Applications Domains.

6. Work on Lab #1 – Assessment Worksheet Part A. Part A is a matching exercise that requires the students to align the risk, threat, or vulnerability with one of the seven domains of a typical IT infrastructure where there is a risk impact or risk factor to consider. Students may work in small groups of two or three.

7. Have the students perform Lab #1 – Assessment Worksheet.

8. Answer Lab #1 – Assessment Questions and submit.

Figure 1 – Seven Domains of a Typical IT Infrastructure

Deliverables

Upon completion of Lab #1 – Identify Threats and Vulnerabilities in an IT Infrastructure, students are required to provide the following deliverables as part of this lab:

1. Lab #1 – Assessment Worksheet Part A. Identification and mapping of 21 risks, threats, and vulnerabilities to the seven domains of a typical IT infrastructure

2. Lab #1 – Assessment Questions and Answers


Evaluation Criteria and Rubrics

The following are the evaluation criteria and rubrics for Lab #1 that the students must perform:

1. Was the student able to identify common risks, threats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure? – [25%]

2. Was the student able to align risks, threats, and vulnerabilities to one of the seven domains of a typical IT infrastructure accurately? – [25%]

3. Given a scenario in Part A, was the student able to prioritize risks, threats, and vulnerabilities based on their risk impact to the organization? – [25%]

4. Was the student able to prioritize the identified critical, major, and minor risks, threats, and software vulnerabilities? – [25%]


Lab #1: Assessment Worksheet

Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure

Course Name: _____________________________________________________________
Student Name: _____________________________________________________________
Instructor Name: ___________________________________________________________
Lab Due Date: _____________________________________________________________

Overview

The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing patients with life-threatening situations. Given the list, select which of the seven domains of a typical IT infrastructure is primarily impacted by the risk, threat, or vulnerability.

Risk – Threat – Vulnerability                                   Primary Domain Impacted

Unauthorized access from public Internet

User destroys data in application and deletes all files

Hacker penetrates your IT infrastructure and gains access to your internal network

Intra-office employee romance gone bad

Fire destroys primary data center

Communication circuit outages

Workstation OS has a known software vulnerability

Unauthorized access to organization owned workstations

Loss of production data

Denial of service attack on organization e-mail server


Remote communications from home office

LAN server OS has a known software vulnerability

User downloads an unknown e-mail attachment

Workstation browser has software vulnerability

Service provider has a major network outage

Weak ingress/egress traffic filtering degrades performance

User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers

VPN tunneling between remote computer and ingress/egress router

WLAN access points are needed for LAN connectivity within a warehouse

Need to prevent rogue users from unauthorized WLAN access


Lab #1: Assessment Worksheet

Identify Threats and Vulnerabilities in an IT Infrastructure

Course Name: _____________________________________________________________
Student Name: _____________________________________________________________
Instructor Name: ___________________________________________________________
Lab Due Date: _____________________________________________________________

Overview

One of the most important first steps to risk management and implementing a risk mitigation strategy is to identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. This lab requires students to identify risks, threats, and vulnerabilities and map them to the domain that these impact from a risk management perspective.

Lab Assessment Questions

Given the scenario of a healthcare organization, answer the following Lab #1 assessment questions from a risk management perspective:

1. Healthcare organizations are under strict compliance to HIPAA privacy requirements which require that an organization have proper security controls for handling personal healthcare information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI privacy data. Which one of the listed risks, threats, or vulnerabilities can violate HIPAA privacy requirements? List one and justify your answer in one or two sentences.

2. How many threats and vulnerabilities did you find that impacted risk within each of the seven domains of a typical IT infrastructure?

User Domain:

Workstation Domain:

LAN Domain:

LAN-to-WAN Domain:

WAN Domain:

Remote Access Domain:

Systems/Application Domain:

3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?

4. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the healthcare and HIPAA compliance scenario?

5. Of the three Systems/Application Domain risks, threats, and vulnerabilities identified, which one requires a disaster recovery plan and business continuity plan to maintain continued operations during a catastrophic outage?

6. Which domain represents the greatest risk and uncertainty to an organization?

7. Which domain requires stringent access controls and encryption for connectivity to corporate resources from home?

8. Which domain requires annual security awareness training and employee background checks for sensitive positions to help mitigate risk from employee sabotage?

9. Which domains need software vulnerability assessments to mitigate risk from software vulnerabilities?

10. Which domain requires AUPs to minimize unnecessary User initiated Internet traffic and can be monitored and controlled by web content filters?


11. In which domain do you implement web content filters?

12. If you implement a wireless LAN (WLAN) to support connectivity for laptops in the Workstation Domain, which domain does WLAN fall within?

13. A bank under the Gramm-Leach-Bliley Act (GLBA) for protecting customer privacy has just implemented their online banking solution allowing customers to access their accounts and perform transactions via their computer or PDA device. Online banking servers and their public Internet hosting would fall within which domains of security responsibility?

14. Customers that conduct online banking using their laptop or personal computer must use HTTPS:, the secure and encrypted version of HTTP: browser communications. HTTPS:// encrypts webpage data inputs and data through the public Internet and decrypts that webpage and data once displayed on your browser. True or False.

15. Explain how a layered security strategy throughout the seven domains of a typical IT infrastructure can help mitigate risk exposure for loss of privacy data or confidential data from the Systems/Application Domain.

Data Mining – Ripper Algorithm

Research and answer the questions. Submit responses in a separate document. Be sure to label questions correctly. Choose 4 of the 5 problems.

 

1. The RIPPER algorithm (by Cohen [1]) is an extension of an earlier algorithm called IREP (by Fürnkranz and Widmer). Both algorithms apply the reduced-error pruning method to determine whether a rule needs to be pruned. The reduced-error pruning method uses a validation set to estimate the generalization error of a classifier. Consider the following pair of rules:

R1: −→ C

R2: ∧ −→ C

R2 is obtained by adding a new conjunct, B, to the left-hand side of R1. For this question, you will be asked to determine whether R2 is preferred over R1 from the perspectives of rule-growing and rule-pruning. To determine whether a rule should be pruned, IREP computes the following measure:

 ,

where is the total number of positive examples in the validation set, is the total number of negative examples in the validation set, is the number of positive examples in the validation set covered by the rule, and is the number of negative examples in the validation set covered by the rule. vIREP is actually similar to classification accuracy for the validation set. IREP favors rules that have higher values of vIREP. On the other hand, RIPPER applies the following measure to determine whether a rule should be pruned:

 .

Do a, b, and c below:

(a) Suppose R1 is covered by 350 positive examples and 150 negative examples, while R2 is covered by 300 positive examples and 50 negative examples. Compute the FOIL’s information gain for the rule R2 with respect to R1.

(b) Consider a validation set that contains 500 positive examples and 500 negative examples. For R1, suppose the number of positive examples covered by the rule is 200, and the number of negative examples covered by the rule is 50. For R2, suppose the number of positive examples covered by the rule is 100 and the number of negative examples is 5. Compute vIREP for both rules. Which rule does IREP prefer?

(c) Compute vRIPPER for the previous problem. Which rule does RIPPER prefer?

 

2. C4.5rules is an implementation of an indirect method for generating rules from a decision tree. RIPPER is an implementation of a direct method for generating rules directly from data. (Do both a & b below)

(a) Discuss the strengths and weaknesses of both methods.

(b) Consider a data set that has a large difference in the class size (i.e., some classes are much bigger than others). Which method (between C4.5rules and RIPPER) is better in terms of finding high accuracy rules for the small classes?

 

3. Consider a training set that contains 100 positive examples and 400 negative examples. For each of the following candidate rules (Optional Extra Credit Question),

R1: −→ + (covers 4 positive and 1 negative examples),

R2: −→ + (covers 30 positive and 10 negative examples),

R3: −→ + (covers 100 positive and 90 negative examples),

determine which is the best and worst candidate rule according to:

(a) Rule accuracy. (optional extra credit, +2)

(b) FOIL’s information gain. (optional extra credit, +2)

(c) The likelihood ratio statistic. (optional extra credit, +2)

(d) The Laplace measure (optional extra credit, +2)

(e) The m-estimate measure (with = 2 and p+ = 0.2). (optional extra credit, +2)

 

4. Figure 1 below illustrates the Bayesian belief network for the data set shown in Table 1. (Assume that all the attributes are binary) Solve a & b below.

 

[Figure 1: Bayesian belief network. Nodes: Mileage, Engine, Car Value, Air Conditioner.]

Table 1: Data set for question.

 

Mileage   Engine   Air Conditioner   Number of Records     Number of Records
                                     with Car Value=Hi     with Car Value=Lo
Hi        Good     Working           3                     4
Hi        Good     Broken            1                     2
Hi        Bad      Working           1                     5
Hi        Bad      Broken            0                     4
Lo        Good     Working           9                     0
Lo        Good     Broken            5                     1
Lo        Bad      Working           1                     2
Lo        Bad      Broken            0                     2

(a) Draw the probability table for each node in the network.

(b) Use the Bayesian network to compute P(Engine = Bad, Air Conditioner = Broken).

 

 

5. Given the Bayesian network shown below, compute the following probabilities (a, b, and c below):

[Figure: Bayesian belief network. Nodes: Battery, Gauge, Start, Fuel.]

P(B = bad) = 0.1

P(F = empty) = 0.2

P(G = empty | B = good, F = not empty) = 0.1

P(G = empty | B = good, F = empty) = 0.8

P(G = empty | B = bad, F = not empty) = 0.2

P(G = empty | B = bad, F = empty) = 0.9

P(S = no | B = good, F = not empty) = 0.1

P(S = no | B = good, F = empty) = 0.8

P(S = no | B = bad, F = not empty) = 0.9

P(S = no | B = bad, F = empty) = 1.0

(a) P(B = good, F = empty, G = empty, S = yes)

(b) P(B = bad, F = empty, G = not empty, S = no).

(c) Given that the battery is bad, compute the probability that the car will start.