Reference no: EM133702101 
                                                                               
                                       
Background:
You   have just been placed in charge of the IT department for a growing   company called XPC that deals with other a customer base located locally   and domestically. There are 15 roaming employees employed.
Prior to you coming on board, they didn't have any IT staff and hired contractors to do the work.
The   information stored on your local servers is very confidential. Your   company's employees do a lot of travelling both domestically and   internationally. XPC has just received a shipment of brand-new, Windows   based laptops to provide their employees with. Data is stored locally   and then backed up to the server when the laptops connect to a network.
As XPC   employees need to travel frequently, their main mode of data   communication connecting back to the main server is to use whatever   wireless connections are available.
No database has been put in place to track the assets.
You have been provided with a network diagram which provide you with the following:
• the current location of all the laptops in use by staff
• The current security in place on your network
Goal of this project:
You have been tasked with auditing this network and all the equipment in an effort to improve security.
To complete this task, you will need to create a report on your audit. Your report must contain the following:
• Title Page
• Table of Contents
• Plan
• Identifying and valuing XPC's assets
• Identifying and modelling the main threats
• Implementing and testing solutions to these main threats
• Conclusion
Section 1: Planning
Before you undertake your audit on this network, you need to determine the steps required to conduct this audit.
Write   a 4-step plan that you can use on this network audit to assist you in   identifying key elements to manage any potential risks on this network   (4 elements - 5-15 words per element)
Section 2: Identifying and Valuing Assets
Your first task is to create a database to audit the devices owned by XPC.
Create a table showing the following information:
a) List the assets owned by XPC
b) Categorise each device using their device type
c)   For each device category, identify a potential threat and explain how   this threat could occur (10-25 words per threat) - Please note your   identified threats for any networking device types must be resolvable in   Packet Tracer in Section 3
d) Determine the potential origin of this threat to this device type (Internal or External)
e)   Value them in terms of importance to the organisation -  High/Medium/Low  and provide a brief explanation why you valued it this  way (5-20 words)
f)  Cost - The cost for each device has been added  to the topology. Add the  cost of the devices together and calculate  their total at the bottom of  this column
Section 3 - Threat Modelling
You have been asked to design a threat model for the threats you identified in Task 1.
Design a threat model that does the following:
• Grades the threats based on at least 3 different categories
• Rates the likelihood of that threat occurring
• Provides a solution on handling the identified threats. (10-20 words per solution)
Section 4: Implement and test solutions
Section 4a:
Prior   to implementing your solutions from section 3 across the whole  network,  you have been asked to pilot them only on 3 different devices.
Using   the table below, identify 1 router, 1 switch and 1 WAP that you will   apply your solution to. Explain how you will be implementing this   solution on these devices in the left column and write the device name   in the right column.
Section 4b
Now   that you have identified the devices, Use the topology provided to   implement the solutions to the devices you have selected in Section 4a.
You   will be required to note the implemented security using the note tool on   Packet Tracer. Place each note next to your selected devices listing   the implemented solution.
Section 4c
Once you have implemented your solutions, you need to create a series of tests to validate whether the solutions have worked.
Each solution will need to have 2 tests:
• One test should test to ensure the security correctly allows authorised devices/people.
• One test should test to ensure the security correctly blocks unauthorised devices/people.
For   each test provide an explanation on how the tests are to be conducted.   You are not to describe what the expected outcome should look like (5-15   words per test)
Once   you have created your tests, you must swap your tests and completed   topology with another student of your choosing. The idea is for each   student to run the tests as written and provide verbal feedback on the   outcome and modifications required. Populate the feedback in the   remaining fields with the following information:
• Test Outcome Success - Was the outcome successful: Yes/No. If not, why? (10-15 words per test)
•   Modifications required - Based on the outcome of the test, were you   required to make modifications to the network? :Yes/No. If not, why?   (10-15 words per test)
At the bottom of your completed table, add the following information:
Tests for this network run by: *Insert other student's name here
I conducted testing on *Insert other student's name here* network.
Section 5: Conclusion
Provide a summary explaining how the tasks undertaken in this audit have made the XPC's network more secure. (50-75 words)
Provide an area for the management of XPC to sign off this report.
Where
You   will be undertaking this assessment for 4 weeks during Scheduled class   time and out class times. A date will be provided by the assessor on   Blackborad. You will be provided some class time to work on this   assessment, however, it is expected that the majority of this assessment   will be completed outside of class.
How
This   is an individual assessment. Youi will be assessed against the  criteria  listed in the marking guide in Section B of this task. To  achieve a  satisfactory result, you will need to address all criteria   satisfactorily and submit work by the date specified by the assessor.
Note: Don't need to do section 4