You work for EGS Testing Solutions; your company is involved in testing related to access control systems. A large, private fitness club contacted your company because their Web server was hacked. The fitness club has a corporate office with 50 workstations, 4 application servers, 2 e-mail servers, 2 Web servers, and 129 franchisees with 10 workstations and about 3,500 members at each location. Except for the equipment at the franchisees’ locations, all other equipment resides at the central headquarters.
The fitness club was unsure whether the Web server hacking took place because of the former administrator, who quit under less than amenable circumstances, or if an external party had found their “Achilles heel.” The perpetrator was able to access the corporate Web server by using the remote login of the Microsoft (MS) Windows network administrator. Once the hack was realized, the administrator was forced to shut down the connections to all their 129 franchisees that needed access to the corporate Web server. The franchisees require access to the Web server to review their customers’ personal information, fitness progress, and goals as well as to share information with the corporate headquarters in a secure manner. Members and club staff also make periodic payments for dues and services using this system, including credit card payments.
Your company has been engaged to provide a cost-effective solution that would allow the new administrator to do the following:
Control access to resources by preventing unauthorized users from logging in to privileged areas.
Audit and review user activities to prevent future hacks that could compromise network integrity.
Change the existing system to strengthen it as necessary.
Add technology, as necessary, to detect security breaches.
To be able to develop a cost-effective solution, your company must focus on developing a reasonable and cost-effective testing plan to identify any weaknesses in the network.
Develop a comprehensive and ongoing vulnerability and penetration test plan. Include solutions in the test plan for unauthorized access in the corporate workstations, application servers, mail and Web servers, and wireless routers.
. . .