Team Exercise 3 Face the Heat Exercise May 10 12 2010 Report Due Date Tuesday May 18 2010 at 5 00 1 Introduction As you are aware difficult economic times and an inability to secure additional capital has led to the bankruptcy of ACME Ltd the leading supplier of rocket propelled roller skates quick drying glue super magnets and anvils to the coyote community of the desert southwest Their troubles are an opportunity for our company to expand we now plan to expand and develop new offices in New Mexico Our headquarters will be in Socorro I 40 west then a left turn at Albuquerque we will have an engineering office in Las Cruces to take advantage of the university there and sales offices in Roswell and Los Alamos Because of the difficulty in starting from scratch so far from home we will form a strategic partnership with one other company Remember though they may be partners today but they may become competitors tomorrow Your job is to develop the IT infrastructure for our New Mexico affiliates Job requirements include 1 We need a functioning web presence a Remember though that because we are new to the area the web page must reflect well on us as a companydamage to the web site may irreparably harm our reputation in the area b The region s web server will be housed in our headquarters in Socorro c We need smaller more specialized web pages for the engineering and sales offices d Our local web team will need to be able to update the web page from various unknown remote sites as well as from our Maryland offices 2 To better serve the local coyote community our engineering offices will need to design and test new products a The engineering team has a staff of 20 You do not need twenty computers but rather a few identical computers with 20 accounts b We will need to be able to securely share our designs with select area coyotes should these designs be made public trade secrets would be revealed c Some of our designs need to also be shared with our partner company d Appropriate design tools need to be installed e The engineering group also needs to create a number of applications They will need secure remote access and the ability to compile and test code We do not know what machines they will be using when the access our development machines They will also need access to a web server and a database server for testing purposes that matches the production environment for testing 3 We will need to create and manage two databases for the company Database 1 Clients The clients database will contain information about all of our clients including Names Addresses Credit card numbers Access to this database needs to be maximally protected 1 Access to the database needs to be given to various automated scripts that will eventually run on our webserver These scripts will allow users to enter and view their information and later to place orders Our developers are creating automated administrative tools to let us work with the database These scripts need complete access to the database but will only be run from inside our network The database should be populated with a reasonable set of test data before the start of the exercise Database 2 Products This database contains a list of all of our products including Name Product code List price Manufacturing cost This is data that we do not want made public However we will be sharing this information with our partner company They will need access to this database Access to the database needs to be given to various automated scripts that will eventually run on our webserver These scripts will allow users to enter and view their information and later to place orders Our developers are creating automated administrative tools to let us work with the database These scripts need complete access to the database but will only be run from inside our network The database should be populated with a reasonable set of test data before the start of the exercise You should develop appropriate applications or instructions to allow users to remotely access the necessary databases These can be pieces of stand alone code written in e g C C Perl Python or a complete web application 4 Our sales offices will need to be able to share their insights from client meetings with the engineering group a Each sales offices has a staff of 30 and members of one sales office often are temporarily assigned to another sales office b We expect that files too large to be sent via email will need to move to and from the sales office sites c The regular sales office staff are only familiar with Microsoft products and insist that they have administrator rights on their machines d Each member of the sales office team needs read access to the products database e Each sales office needs an internal file server f Complete instructions on how to access the sales database must be present on the internal file server Each member of the sales office team has created a text file on the file share that contains the information that they use to access the database 5 Our headquarters staff has fifteen people One VP a manager for each sales group a manager for the enginnering group and IT group manager five administrators and a staff of five IT experts The managers need to have access to both the headquarters computers as well as the computers in their respective offices 6 We will need to provide the complete network infrastructure for the organization including DNS and domain controllers 7 The team needs to provide a complete and appropriate defensive infrastructure firewalls logging and intrusion detection You need to design the complete architecture including an estimate of the number and types of machines that will be at each office Usability of the system is of maximum importance if we are unable to get our jobs done design engineering sales you will lose yours Security breaches are unacceptable and may cause us to join ACME on the scrapheap of companies that cannot make it in today s competitive economy Particular attention needs to be paid to the prevention of industrial espionage 2 1 1 About the exercise structure On Sunday May 9 you will need to provide to the instructor by email two sets of documentation on your infrastructure One will describe how your own non IT staff employees will access and use the systems it should include all accounts and password save those for the IT staff and system administrators The second will describe how your partner will do the same These will be passed to your