Higher Colleges of Technology

Bachelor in Applied Science

Information Systems Security and Forensic
Group Project
Version One

This project relates to:

Course Name Course No Faculty

Incidence Response and CSF 3103

Disaster Recovery
 Table of Contents
1. Introduction......................................................................................................................................................3
2. Project Requirements.......................................................................................................................................4
a) Contingency Plan Document.........................................................................................................................4
b) Incident Response Document.......................................................................................................................4
c) Disaster Recovery Document........................................................................................................................4
d) Disaster Recovery Implementation Document..............................................................................................4
3. Project Specifications........................................................................................................................................5
4. Data Center Architecture..................................................................................................................................5
5. Data Center Diagram.........................................................................................................................................7
6. Information Technology Department................................................................................................................8
a) Information Technology Department Organization Chart.............................................................................8
b) Finance Department Organization Chart.......................................................................................................9
c) Operations Department Organization Chart.................................................................................................9
d) Information Department Organization Chart..............................................................................................10
7. Potential Threats and Security Concerns........................................................................................................11
8. Recent Threats Faced by the Company...........................................................................................................11
9. Resources Required for the Practical implementation....................................................................................12
a. VmWare Workstation 11.0..............................................................................................................................12
b. Windows Server 2012 Standard Edition Operating System.............................................................................12
c. FreeNas Open Sources NAS server..................................................................................................................12
10. Report Assessment Criteria.........................................................................................................................13
11. Project Demonstration Rubric.....................................................................................................................15
12. Project Groups............................................................................................................................................17
13. Report Format Guidelines...........................................................................................................................18
Sample title page................................................................................................................................................20
Sample Reference Format...................................................................................................................................21

2
1. Introduction

A group of students will be required to analyze the requirements of the Company XYZ. Following points
to be considered during analysis. Please read the project specification document carefully.
1. Operations
2. Data center
3. Network infrastructure
a. Logical Diagram
b. Physical Diagram
4. Normal Operations
5. Physical Security Issues
6. Disaster Recovery Implementation
a. RAID 1, 3, 5 Implementation
b. Windows Server 2012 cluster implementation

After analysis of the company the group is required to design a Contingency Plan which mainly includes
Incident Response and Disaster Recovery Plan. Once the IR and DR plan is ready a practical
implementation of the solution will be required. The practical implementation will require to setup
RAID 1, 3, 5 and failover cluster configuration on the Windows Server 2012. The project will require at
least 5 weeks of continuous work. You will be working on the project at your own free time, however
one hour of class time per week will be allocated to discuss the project with each team. All the resources
such as operating system, computers and support will be provided by the college.
During the discussion each team member must be present. A team leader will be chosen by the team
members who will be responsible for communication and project progress, and team meetings. Team
members will be selected during the class time in week 7.
Students can use different templates available on the internet to seek help in designing the project
requirements. A proper reference should be listed, if any internet resource is used.

NOTE: Project submission time will be in Week 14 and the presentation will be in the
same week.
Any project submitted late will be penalized by 5% reduction/day
Group Marks: 20% (Project Report including all the design details)
Individual Marks: 10% (Demonstration with questions)

3
2. Project Requirements

Below are the project requirements which each group is supposed to fulfil.

a) Contingency Plan Document

1. Introduction
2. Form Contingency Planning Management Team
3. Draw CPMT organization and structure diagram
4. Conduct Business Impact Analysis
5. Identify preventive controls
6. Ensure plan testing, training, and exercises

b) Incident Response Document

1. Form the IR planning committee

2. Form an Incident Response Planning Team (IRPT)
3. Draw IRPT organization and structure diagram
4. Organize the Computer Security Incident Response Team (CSIRT)
5. Develop the IR plan.

c) Disaster Recovery Document

1. Form a Disaster Recovery Planning Team (DRPT)

2. Draw a DRPT organization and structure diagram
3. Develop the DR plan
4. Create DR contingency strategies

d) Disaster Recovery Implementation Document

1. Draw a Logical diagram of DR setup

2. Draw a physical diagram of DR setup
3. Design an IP address scheme for DR devices
4. Naming convention of DR devices
5. Installation and configuration of RAID 1, 3, 5 on DR devices
6. Installation and configuration of Cluster on DR devices
7. Testing of DR operations

4
3. Project Specifications
Company XYZ is a software company which consists of 1500 total staff, employed at the headquarters
and other branches across the country. Its business model relies on electronic transactions with key
customers and suppliers. Company XYZ uses a BizTalk Server implementation for its transactions.

Company XYZ uses BizTalk Server to manage transactions and communications between internal and
external applications. Company XYZ communicates with approximately 85 internal applications and
2300 trading partners. It currently processes approximately 2.5 million documents per month, and
estimates that it will process 6 million documents per month by the end of 2016.

4. Data Center Architecture

Company XYZ has installed all the products from Microsoft, which includes domain controllers, file
servers, print servers and exchange server. All products are licensed and number of licensed purchased
are enough for the company employee strength.

Company XYZ uses BizTalk Server as a message broker to communicate between internal applications
and to process, send, and receive correctly formatted messages to and from its suppliers and customers.
Company XYZ has to process internal and external documents in different formats. This includes flat
files and XML documents.

Company XYZ uses a single firewall to separate its corporate computers from the Internet. As an added
layer of security, Company XYZ incorporates Internet Protocol security (IPsec) communication between
all its corporate servers and workstations that reside within the corporate network. Company XYZ uses
IPsec to encrypt all communications within its internal domain.

Company XYZ uses a file share server to receive flat files. This file share server resides outside its
corporate network and domain. A firewall separates the file share server from the corporate network.
Company XYZ's external partners post their flat file documents on this file share server, and they
communicate with the file share server through an encrypted Point-to-Point Tunneling Protocol (PPTP)
pipeline. Company XYZ protects access to the file share server by partner passwords that expire every
30 days.

Company XYZ has created a custom file-movement application that retrieves the flat file documents
from the file share server and sends them to BizTalk Server for additional processing. The internal
applications for Company XYZ also use the custom file-movement application to pass flat files to
Application Server, transforms these documents and sends them to Company XYZ's trading partners.

Before BizTalk Server transforms the partner data to the internal application formats, it validates that it
has an entry for the sender, receiver, and document type. If BizTalk Server receives a message for which
it does not have an entry for either the sender, receiver, or document type, BizTalk Server rejects the
message, and the operations team of Company XYZ review the message. The internal applications send
messages in a variety of formats.

Company XYZ also receives documents through HTTP from internal and external sources. External
partners post their documents to a Web server outside the corporate network. A firewall separates this
Web server from the corporate network. The custom file-movement application also retrieves the
5
documents posted through HTTPS. Company XYZ uses a third-party product to encrypt and sign
messages to its trading partners. As an additional piece of security, Company XYZ performs a nightly
audit on all the servers to make sure they have the correct security settings. Company XYZ logs all
exceptions for review.

Company XYZ uses a Microsoft Exchange server to exchange emails internally and externally. A mail
exchange relay is installed outside the firewall to receive emails, check for any virus infection and then
move the message to the internal exchange server. An antivirus software is installed on the exchange
relay to do the virus check. Outlook web access (OWA) is provided to all the internal users to use the
email system outside the company using Microsoft Outlook software installed on their laptops.

6
5. Data Center Diagram

7
6. Information Technology Department
Company XYZ has an IT department which takes care of the data center, network infrastructure,
Application servers, software and user support. The IT department does not employ any specialized
security specialists, however, it relies on the network engineers to look after security issues. Company is
willing to spend considerable amount in hiring new staff for information security. The company realize
that the information security is more important than responding to an incident and loosing important
data. An organization chart of the company is shown below.

a) Information Technology Department Organization Chart

CEO

Assisstant

CFO COO CIO

8
b) Finance Department Organization Chart

CFO

Mgr. Mgr.
Controller Exec. Asst
Accounting Marketing

Senior Markeing
Admin Asst. Audit Supv. Sr. Auditor
Accountant Spec.

PR.
Accountant Auditor
Coordinator

Accountant Auditor

c) Operations Department Organization Chart

COO

HR Mgr. Mgr. Corp.

Exec. Asst.
Consultant Marketing Security

Admin Admin.
Asst. Asst.

9
 d) Information Department Organization Chart

CIO

Mgr. Systems Mgr. Applications Mgr. Help Desk Exec. Asst Mgr. Netw

Senior System Senior Systems Senior Help Desk Senior Help Desk Senior Help Desk Ne
Admin Asst.
Admin. Developer Administrator Administrator Administrator A

Senio
Third Shift Supv. Systems Admin. Systems Dev. Help Desk Tech. Help Desk Tech. Help Desk Tech.

Senior Network Senior Help Desk

Second Shift Supv. Systems Dev. Help Desk Tech. Help Desk Tech. Netw
Admin Administrator

Senior Help Desk

Admin Asst. Intern Help Desk Tech. Help Desk Tech. Ad
Administrator

Admin Asst.

10
7. Potential Threats and Security Concerns
Company XYZ wants to make sure that it receives and processes only messages from authenticated
sources. Company XYZ also wants to make sure that it can receive and retrieve documents from outside
its corporate network as safely as possible. The firewall that separates Company XYZ's corporate
network from the Internet only lets through traffic from port 80 and port 443. The firewall rejects all
other traffic.

Company XYZ also wants to make sure that their email system is not hacked or cracked because they
heavily rely on the email messages from clients to process their transactions.

Company XYZ also want to protect its data regarding its employees, customers, transactions, financial
and other documents related to business by implementing proper RAID system and cluster systems in
the data center.

Company XYZ wants to make sure that the employees use encrypted USBs only, they would like to
distribute the digital certificate using the domain controllers.

Company XYZ also wants to implement backup process to secure all critical data of the business.

Company XYZ would like to implement physical security as well and central monitoring system.

8. Recent Threats Faced by the Company

Following are the recent incidents faced by the company few months ago.
1. The help desk person realized that someone is sending emails from the CEO account, he suspected
an email hack and escalate the Incident to the network team. The CEO assistant had access to the
email account but she was not present in the office at the time of the email sent. The CEO was also at
home and enjoying dinner with his family. The network team did its own checkup and concluded that
email has been initiated by the director account and it’s a legitimate email and not hacked. Since the
company do not have an information security team, they could not figure out on who has sent the
email to the system and the case was closed.

2. The helpdesk team reported that one of the BizTalk server failed to respond in the middle of the day,
when most of the transactions were processing. A cluster of BizTalk servers is running in the
datacenter and suppose to take over if one of the server fails, but it did not happen. A network team
member examined the situation and figured out that the problem in the network connection did not
force the redundant server to take over. However, it took him long time to fix the issue, which
resulted in many transaction failure and loss of revenue.

3. Many of the employees in the company report virus threats and assume hacking and cracking.
Therefore they have started copying their important data on the USB hard Drives and keep them in
their laptop bags in case of emergency. The employees are allowed to bring in the USB flash drives,
USB hard Drives and any other media into the company.

4. The company personal security officer reported that he has spotted a person roaming in the office
area. This person do not seems to be an employee or any partner vendor engineer or support. He
11
 reported the issue to the management and the person was just asked to leave the premises without
any interrogation. The management is concerned about the physical security of the company. They
are concerned on privacy, identity theft, social engineering and physical theft of any device.

5. One of the female employee reported that another colleague is harassing her by sending personal
emails. The company management intervened and gave warning to the employee if this is reported
again he will be fired. However, the employee threatened the management if they fired him he will
sue the company and fight for his rights.

9. Resources Required for the Practical implementation

a. VmWare Workstation 11.0

b. Windows Server 2012 Standard Edition Operating System

c. FreeNas Open Sources NAS server

12
10. Report Assessment Criteria

Group Number: ______________________________

Student Name: ______________________________ ID No.: ______________________

Student Name: ______________________________ ID No.: ______________________
Student Name: ______________________________ ID No.: ______________________

1. Presentation 10 8 6 4 2 0
Appearance, format, cover page information,
sub-headings, font style, font size, spacing

2. Contingency Plan Document 10 8 6 4 2 0

Introduction
Form Contingency Planning Management Team
Draw CPMT organization and structure
diagram
Conduct Business Impact Analysis
Identify preventive controls
Ensure plan testing, training, and exercises
Contingency Plan Total Marks

3. Incident Response Document 10 8 6 4 2 0

Form the IR planning committee

Form an Incident Response Planning Team
(IRPT)
Draw IRPT organization and structure diagram
Develop the IR plan
Ensure plan training, exercises, testing and
maintenance
Incident Response Document Total Marks

13
 4. Disaster Recovery Document 10 8 6 4 2 0

Form a Disaster Recovery Planning Team

(DRPT)
Draw a DRPT organization and structure
diagram
Develop the DR plan
Create DR contingency strategies
Disaster Recovery Document Total marks

5. Disaster Recovery Implementation 10 8 6 4 2 0

Document
Draw a Logical diagram of DR setup
Draw a physical diagram of DR setup
Design an IP address scheme for DR devices
Naming convention of DR devices
Installation and configuration of Windows
Domain Controller
Installation and configuration of RAID 1, 3, 5
on DR devices
Configuration of Storage on FreeNAS device
Configuration of iSCSI on Windows servers
Installation and configuration of Cluster on DR
devices
Testing of DR operations
Disaster Recovery Implementation
Document Total

6. Total Project Report Marks

INSTRUCTOR’S SIGNATURE: ________________________ DATE: _______________

14
 11. Project Demonstration Rubric

Student Name: ______________________________ ID No.: ______________________

CATEGORY Excellent - 5 Satisfactory - 3 Unsatisfactory Score

Demo: Demonstration provides a clear Demonstration provides an - 1 was
No introduction
Introduction introduction to the project idea. unclear introduction to the project provided to demonstration.
Project Title and Aims are clear. idea. Project title and aims are not Not aware of project
clear. details.
Demo: Behind- A verbal behind-the-scenes Demonstration provides a limited No behind-the-scenes
the-Scenes description is provided during the discussion on the behind-the- discussion was provided
demonstration. scenes systems. Not provided to accompany
clear discussion of Operating demonstration.
The use of an Operating System,
Systems, Cluster or NAS.
cluster, NAS?

Demo: Windows A Clear Demonstration is Demonstration provides limited Demonstration do not provide
provided for topology, information on topology, proper discussion on topology,
connections, IP addresses and connections, IP addresses and connections, IP address and
domain configuration. domain configuration. domain configuration.

Demo: Cluster A clear demonstration is provided Demonstration provides limited Demonstration do not provide
on cluster configuration information on cluster information on cluster
including iSCSI, quorum, shared configuration including iSCSI, configuration including iSCSI,
storage, and health check. quorum, shared storage, and quorum, shared storage, and
health check. health check.

15
Demo: NAS A Clear Demonstration is Demonstration provides limited Demonstration do not
provided for NAS configuration, discussion on NAS configuration, provides clear discussion on
including adding a storage including adding a storage NAS configuration, including
device, allocation, and device, allocation, and adding a storage device,
configuration for Windows server configuration for Windows server allocation, and configuration
2012. 2012. for Windows server 2012.

Demo: Demonstration covers all major Demonstration provides a No demonstration was

Application features of the proposed shallow overview of your provided or the
application from a user application. Or, some application application is non-
standpoint, including multiple features were incomplete and functional.
user accounts and both text and not available for demonstration,
binary data types. Application is such as multiple user accounts
fully functional. or text and binary data types.

T
o

INSTRUCTOR’S SIGNATURE: ________________________ DATE: _______________

Project Report Marks

Demonstration Marks
Total Project Marks Earned

16
12. Project Groups

Domain Names and IP Addresses

Name ID Group Project Domain Name IP Addresses

Number

17
13. Report Format Guidelines

You should include the following items in this order in your report:

1. Title (cover) page Project title: Arial, font size 14, capitals, bold, centered.

Students’ names, ID & section number; Arial, font size 12 centered.

(See sample on page 14)

2. Proposal page Title: Arial, font size 12, capitals, bold, centered.

Text in indented paragraphs: Arial, font size 12, 1.5 spacing, justified.

3. Body Section headings: Arial, font size 14, capitals, bold, centered, underlined.

Text in indented paragraphs: Arial, font size 12, 1.5 spacing, justified.

Titles for tables, charts, graphics: Arial, font size 10, centered, italic.

4. Bibliography Heading: Arial, font size 14, capitals, bold, centered, underlined

18
 Sources: Arial, font size 12, 1.5 spacing. List sources in alphabetical order, MLA style (see
page 15)

5. Appendix Hard copy of PowerPoint presentation (Handout view – 6 per page).

Any additional relevant material: Arial, font size 12, single-spaced.

Use your spell-checker and use your own words. If you copy any material, it should be in quotation marks (“ “) and
footnoted. You should normally use your own words in the report unless you want to cite a fact related to setting up your
business. Plagiarism is not tolerated at HCT.

19
Sample title page

Higher Colleges of Technology

Abu Dhabi Men’s College

Project Report

Group Number
20
 Students’ names & ID numbers:
Section number:
Submitted To:
Submission Date:

Sample Reference Format

MLA style examples (for your bibliography page)

Note: in your own bibliography, do NOT write the headings (e.g. do NOT write “BOOK, ONE AUTHOR”)

BOOK, ONE AUTHOR

Blackmore, Susan. Consciousness: An Introduction. New York: Oxford UP, 2004.

BOOK, TWO OR THREE AUTHORS

Maddock, Richard C., and Richard L. Fulton. Marketing to the Mind: Right Brain Strategies for Advertising and Marketing.
Westport, CT: Quorum, 1996.

BOOK, AN EDITOR

21
Lopate, Philip, ed. The Art of the Personal Essay: an Anthology from the Classical Era to the Present. New York: Anchor-
Doubleday, 1994.

ARTICLE IN A REFERENCE BOOK

Coulter, Ellis Merton. "John Adair." Dictionary of American Biography. Ed. Allen Johnson. Vol. 1. New York: Scribner's
Sons, 1964.

ENCYCLOPEDIA ARTICLE, SIGNED

Gates, David M. "Astronomy." Encyclopedia Americana. 1996 ed.

ENCYCLOPEDIA ARTICLE or DICTIONARY ENTRY, UNSIGNED

"Onomatopoeia." Merriam-Webster's Collegiate Dictionary. 11th ed. 2003.

ARTICLE FROM A WEEKLY MAGAZINE

Boyce, Nell. "A Law's Fetal Flaw." U.S. News and World Report 21 July 2003: 49-51.

WEB SITES

BASIC ENTRY
Miller, Elizabeth. “Update on the Dracula Park.” Dracula’s Homepage. 12 Oct 2003. Memorial Institute of Newfoundland,
Newfoundland, Canada. 6 Nov. 2003 <http://www.ucs.mon.ca/%7Eemiller/ >.

NO AUTHOR
Dutch Recipes. 9 Jun. 1998. 16 Sept. 2003 <http://www.fortunecity.com/victorian/verona/190/eten.htm>.

22
DATABASES

PROQUEST
Lichtblau, Eric. “Administration Plans Defense of Terror Law.” New York Times 19 Aug. 2003, late ed. (East Coast): A-1.
ProQuest. Abu Dhabi Men’s College, Abu Dhabi. 22 Oct. 2004.
< http://www.proquest.com >.

23