Friday, April 24, 2020

Internet Security free essay sample

| IT Security Consultants, Inc. 555 East 1000 South, Salt Lake City, UtahPhone Number: (801) 555-0100 Fax: (801) 555-0110 | 2/23/2009| | | FTD Enterprises| Request for Proposal| | Brandon Moore Justin JoosBrandon LittleMark PetersonJason Kilgore| | **This document meets a request for proposal from FTD Enterprises to implement a security infrastructure and other tasks stated in the proposal. | Table of Contents Company Overview3 Project Team Staffing4 Executive Summary7 Scope, Approach, and Methodology8 Risk Assessment8 Problems and Solutions8 Assumptions13 Project Management14 Resources14 Task List15 Network Topology24 Deliverables29 Budget30 Appendix: Detailed Budget33 Appendix: Risk Assessment35 Appendix: Continuity Plan37 Appendix: Backup/Disaster Recovery Plan45 Appendix: Business References51 Appendix: References52 1. Company Overview IT Security Consultants, Inc. was founded in 2001. We are a consulting and networking solutions provider. Our staff consists of experienced architects, project managers, analysts, and application developers to help organizations make the most effective use of their systems, people and processes. IT Security Consultants, Inc. is lead by a highly qualified group of business and technology professionals whose collective backgrounds consist of years of experience. We will write a custom essay sample on Internet Security or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page This in-depth experience is well-rounded in business procedures and networking techniques. We have managed projects throughout the IT spectrum: from strategic network planning, device selection to installation, application development, conversion, training, and support. Our success is predicated on high calibre, experienced professionals who build positive, lasting relationships with our clients. We work closely with our clients to understand their goals so that our projects can meet their needs and expectations. Careful planning is the key to preventing expensive surprises and disappointments. We ensure that the recommendations we put forward are implementable within a reasonable time-frame and reasonable cost-range, based on your operational needs. Our Mission: To exceed client-expectations at every stage of the process by providing exceptional service and assuring, through innovation and industry best practices, the most effective solutions. . Project Team Staffing Brandon Moore IT Security Consultants, Inc. CEO Brandon Moore is the CEO and co-founder of IT Security Consultants, Inc. , a unique computer network consulting firm. Since 2004, IT Security Consultants, Inc. has been recognized as a leading consulting company. Brandon currently maintains a Bachelor’s of Computer Science and a Master’s of Business Administration. Brandon Moore began his career in in formation security five years ago with a large web development company. Later, Brandon was a consultant for emerging technical companies, before beginning his own. He began IT Security Consultants, Inc. in 2001 with the desire to bring answers for security and reliability concerns to other businesses currently without the resources or knowledge to do so. The projects IT Security Consultants, Inc. takes on are typically very large and often costly. As CEO of IT Security Consultants, Inc. , Brandon takes a genuine interest in all his customers, and involves himself in the design and planning of most projects. He has built IT Security Consultants, Inc. o not only be an information security power house, but to also provide excellent maintenance and customer service to customers. Justin JoosPresident As President and co-founder of IT Security Consultants, Inc. , Justin manages all major aspects of the  company, including: Sales, Marketing, Customer Service, Accounting, Human Resources, and Recruiting. Previously, he held top management positions at Vitronix , a $75 million systems integrator and training organization. Vitronix had the first and largest Microsoft and Novell authorized training centers in the Northeast and operated 7 training centers. Before Vitronix, Justin was a Department Manager at Federated Stores in Boston, MA where he completed their Executive Training Program. Justin has his Bachelor’s Degree in Computer Science, and an MBA in Business Administration. Project Team Staffing Jason Kilgore — Sales Director Jason Kilgore joined IT Security Consultants, Inc. in 2005 and began a successful sales career culminating in his role as Sales Director. Jason recruits, develops, and manages the sales team and is responsible for the overall coordination and leadership of all sales activities to meet the needs of IT Security Consultants, Inc. ustomers and the objectives of IT Security Consultants, Inc . ’s business plans and strategies. Jason also provides expert advice on Linux solutions to the company infrastructure. Prior to working at IT Security Consultants, Inc . , Jason was a General Manager and a corporate trainer with The Discovery Zone. Jim Halgren — Information Systems Manager Jim joi ned Capstone Securities in 2003 and has grown in various positions to his present position which he has held since 2005. He is responsible for the company’s advanced IT infrastructure including: system and application software, computers and servers, and communications. His education includes an Associate’s Degree in networking, a Bachelors Degree in Information Security and a Masters Degree in Computer Science. Jim is no stranger to network security and implementation of networks, having spent 7 years as a security consultant and a network engineer, which taught him the importance of proper network security and the importance of security policies. Jim has more than 10 years of networking and security experience, varying from very large to very small networks. His knowledge and methodologies have developed through years of fundamental network communications work. His experience culminates in a rich set of credentials for his concentration in information security. Project Team Staffing Mark Peterson — Business/Financial Manager Mark Peterson joined IT Security Consultants, Inc. in 2002, after returning from working in China. Mark has a Bachelor’s Degree in Information Security, a minor in Chinese, and a Master’s in Business. Mark also has university teaching experience and has made many presentations in front of conference audiences, and corporate senior management. Mark is a motivator who keeps people focused on the goal; he is a mediator who finds common ground among both parties and a listener. With experience in computers, many suppose that he should be clueless about what others are trying to communicate, but his attention to non-verbal cues and interest in reaching consensus makes that a poor assumption. Mark is a consultant with eyes that see the whole picture and not just a narrow sliver. Mark has designed and programmed computer systems for a variety of clients and handled the finances for two successful companies as an entrepreneur. As a result, he can talk bits and bytes to the technical staff and debits and credits with the CFO. He can consider a request for new software or hardware and judge a redesign of a current business process is sufficient because of his expertise in optimization. Experience has equipped Mark to recognize that the core issue at the base of almost any information technology problem is usually a people issue, not a technology one. Unless people are motivated to change, unless they are involved in finding solutions to the problems at hand, and unless they communicate with each other, the best technology is bound to disappoint. 3. Executive Summary For several months employees and executives of FTD Enterprises have complained of bandwidth and connectivity issues within its network; there have also been problems with theft and concerns over the integrity of intellectual property. Moreover, FTD Enterprises has expressed concern for overall network security and the high turnover rate of IT staff. An RFP was issued on December 1st 2008, requesting an assessment and solutions to the multiple problems occurring within FTD Enterprises. During the last few weeks, we at IT Security Consultants, Inc. have reviewed the RFP and case studies provided by FTD Enterprises in reference to its security and network concerns; we have found several vulnerabilities that we will be addressing in detail. The main categories of concern are: * Business Continuity * Building/Perimeter Security * System Access * Physical Access * Data Center and Communication Closets Network Security Given these areas of concern, we recommend the following actions: * Backup and disaster recovery procedures * Personnel checkpoints and video surveillance * Implementation and enforcement of security policies and procedures * Server and networking equipment hardening * Improvement of WAN/LAN connections In addition to these afore mentioned categories, we will be addressing other concerns regarding the confiden tiality, integrity, and availability of FTD Enterprises’ systems. At IT Security Consultants, Inc. we have a professional team of experts that combine skill, knowledge, experience, and industry certifications to give you the best premiere service possible at an affordable price. We will make your business processes more efficient and lower your overall costs. 4. Scope, Approach, and Methodology IT Security Consultants, Inc. is a business dedicated to providing excellent service and recommendations in reference to networking needs. This document is designed to give a more detailed outline of how IT Security Consultants, Inc. an improve upon the network infrastructure of FTD Enterprises. 4. 1 Risk Assessment The following table illustrates FTD Enterprises’ areas of concern in regards to security, availability, and integrity. The higher the total impact is the more we have focused our resources into resolving. Vulnerabilities| Criticality| Impact Cost| Probability| Total Impact| Buildings| High (3)| Medium (2)| High (3)| High (8)| System Access| High (3)| High (3)| Medium (2)| High (8)| Physical Access| Medium (2)| High (3)| Medium (2)| High (7)| Data Center and Communications Closets| High (3)| High (3)| Low (1)| High (7)| Network Security| High (3)| High (3)| Low (1)| High (7)| Business Continuity and Disaster Recovery| High (3)| High (3)| Low (1)| High (7)| Perimeter of Complex| Medium (2)| Low (1)| High (3)| Medium (6)| Administration and Policies| Medium (2)| Low (1)| High (3)| Medium (6)| Bandwidth Issues| High (3)| Low (1)| Low (1)| Medium (5)| Server Architecture| Medium (2)| Medium (2)| Low (1)| Medium (5)| Network Issues| Medium (2)| Low (1)| Low (1)| Low (4)| Figure 1 Risk Assessment (See Appendix) 4. 2 Problems and Solutions Based on FTD Enterprises’ RFP we have concluded the following problems and needs for improvement. We guarantee that these solutions will not only fix the company’s current problems, but prepare you for future growth. 4. 2. 1 Buildings There is a total lack of internal and external video surveillance. Thickets of large plants and trees around the buildings obstruct the view of surveillance. There are four entrances to the building, none of which have security checks. There is poor lighting inside the building after hours. We propose adding video surveillance in and around the buildings, along with employing a security staff. Only allow for one entrance to buildings, and log all visitors. Increase lighting after hours, and reduce the size of trees and plants. Problems and Solutions 4. 2. 2 System Access The network has poor password and account lockout policies. Employees currently have local administrator access to machines that needs to be abolished. Access is based solely on username and passwords to authenticate. The domain server is not being utilized to its full capability in regards to access control. We plan to implement domain level organizational units based on roles within the company with strict account policies. We will remove local administrative access for non-essential employees. For stronger authentication, add smart cards or USB tokens to computer logon authentication. Do not allow administrator or root accounts to logon to servers. Allow account logons only during designated work hours for standard employees. Overall, implement the least access needed to perform job. 4. 2. 3 Physical Access Employees are granted access to the building during all hours. There is no security personnel. There is a lack of identification badges for visitors and employees. There is a potential for social engineering due to a lack of employee training. Buildings need to be locked after hours; a card lock will allow designated employees to access the building. As mentioned earlier, a full-time security staff will be implemented. Require card access for higher security areas (i. e. communication closets, data center, etc. ) Implement company-wide training on security, social engineering, and the dangers of physical access. Add a badge system for visitors, who will be required to check in and out of the building; visitors are required to have an escort during their stay. 4. 2. Data Center and Communication Closets There is a lack of physical security to the data center. There is also insufficient environmental controls and monitoring for temperature, fire suppression, or flood protection. The site also lacks a central UPS and generator system. Problems and Solutions Data center and communication closets require key card for entry. Anyone accessing the dat a center must log themselves as entering and leaving, as well as documenting any visitors. These facilities need a fire suppression system, and placement of servers and equipment must be mindful of potential flood dangers. The data center should be placed on a raised floor and have temperature monitoring inside the racks. Server racks need to be lockable and kept locked. All servers and networking equipment should be on a UPS system with an automatic transfer switch, and designed for a minimum of two hours of power. Install an outdoor generator system to power the data center for a minimum of 3 days without refuelling. Upgrade all servers to their respective current releases or patches. 4. 2. 5 Network Security There is a lack of port security, and the servers are not in a separate subnet. The wireless network is not implemented via the most recommended security and manageability practices. The company uses outdated protocol to allow remote access. The network also lacks MAC filtering. Require MAC authentication to the network for all wireless devices. In the data center, require MAC authentication to switches and port security. Port security should be implemented via RADIUS. The data center servers and other equipment need to be in their own subnet. Install two Cisco firewalls; one in the data center and the other for the office network. All switches will be replaced for Cisco devices and wireless bridges for Cisco devices as well. Firewall configurations should be set to deny all and allow only as needed. The Cisco VPN client will be used to replace the PPTP and L2TP VPNs with an SSL VPN. Disable remote access connections to the domain controller. 4. 2. 6 Business Continuity The company does not have a system to manage IT and product inventory. There is a lack of frequency of backups, testing of those backups, and off-site storage of backups. There is no redundancy with the domain controller. Problems and Solutions We recommend using a third-party ‘inventory management’ company. Implement a SAN server where all servers will boot from and backups maintained. One of the off-site locations will maintain a backup SAN that will be backed up each weekend. The SAN will be configured to alert for any problems during backups. The same off-site location will also house a redundant domain controller. 4. 2. 7 Perimeter of the Complex There is no fence around the complex, and there are no security checks for vehicles entering the property. There is no video surveillance of the perimeter. There is also a lack of parking lot lighting. Build a fence around the perimeter of all locations. All vehicles will enter and exit through one point, monitored by security. Install tire spikes. Video surveillance will also be extended to the perimeter. Increase the lighting of the parking lot. 4. 2. 8 Administration and Policies There are major human resources issues in regards to post termination processes, policies for temporary and janitorial employees, and IT and Security personnel. Overall, there is a lack of security policies and a method of enforcing and auditing them. There also appears to be poor inter-departmental communication and cooperation. There is the use of personal hardware and software on company machines. Company computers also lack uniformity and disk encryption for mobile devices. Develop policies in the hiring, firing, or temporary disabling of employees. Develop policies for IT, security personnel, janitors and other temp workers, and other departments. Recommend giving ownership to an employee(s) for maintaining the policy. Each department should have a director or manager to report to, who then reports to the manager of managers to help improve departmental communication. Ban the use of all personal hardware and software on company machines. Company laptops need to be purchased with whole disk encryption and Problems and Solutions built to uniformity. Each departmental manager should have the responsibility of enforcing the security policy. 4. 2. 9 Bandwidth Issues Research and Development has many issues regarding bandwidth, both internally and externally. The main WAN connection is using an outdated frame-relay connection and each satellite location has only a fractional T-1. There exists an inadequate main office network between buildings. Each department is not separated by VLANs. There is no system performing bandwidth throttling to each department. Each department will be on a separate VLAN, which will have a throttled Internet connection. For WAN connections, we recommend the minimum of a 20 Meg WAN connection at the NY and backup facility; for the other facilities, we recommend a 5 Meg WAN connection. Each remote site will have an IPSec connection to the main site in Albany, NY for any internal communications. Fiber connections will be ran between buildings and wireless links for redundancy. These links will be managed via OSPF for automatic failover. All networking equipment will be Gigabit ready for future network upgrades. 4. 2. 0 Server Architecture There is no central server for the updating of operating systems, anti-virus programs, or network equipment firmware. The mail server lacks server-side spam filtering. Logs are not stored in a central location to ease analysis. The web server is running on an outdated server with outdated methods of manageability. There is not a use of a file server for employees to maintain t heir work on. All Windows servers will be patched to current release. The MS Exchange server will be upgraded to 64-bit 2003 Server and Exchange 2007 for OWA. Server-side spam filtering will be implemented. Each Windows Server will be installed with a client to reformat logs and push over to a central log server to increase manageability. DFS will be implemented for storage of Problems and Solutions employee work. We will install a new web server to IIS 6. 0 and move management to internal staff. We will install a new server for WSUS, anti-virus, and firmware patches. 4. 2. 11 Network Issues The network is designed under inconsistent and outdated hardware/firmware. The network devices communicate routes via RIP. It is not uncommon for employees to use the Internet for personal use. There is a lack of monitoring of switches, routers, and other services. The network lacks proper documentation. As stated before, all switches, wireless bridges, and routers will be upgraded to Cisco hardware and be standard company-wide. A network monitoring tool (‘What’s Up’ Gold) will be added where SNMP data will be collected. To prohibit personal use of the Internet, we will implement a software solution that blocks unauthorized Internet use. All the upgrades and changes made by IT Security Consultants, Inc. will be thoroughly documented and handed over to FTD Enterprises. 4. 3 Assumptions The following statements are assumptions that we are expecting FTD Enterprises to handle outside the scope of this project: * RFP provided was formed as a result of a complete audit. * Maintenance and other recurring costs associated with specific hardware vendors or services will be funded by FTD Enterprises. * FTD Enterprises is responsible for any ISP services required. * FTD Enterprises will not have adequate ISP service at time of installation; therefore, services such as SAN replication and IPSec tunnelling will be configured, but disabled until proper WAN connections are implemented. There will be no changes to the telecommunication systems, and is under the jurisdiction of FTD Enterprises to manage. * FTD Enterprises will maintain responsibility for physical security. * FTD Enterprises already has adequate cooling in their data center. 5. Project Management 5. 1 Resources Resource Name| Type| Initials| Std. Rate| SC Justin| Work| S| $75. 00/hr| SC Brandon M| Work| S| $75. 00/hr| SC Brandon L| Work| S| $75. 00/hr| SC Mark| Work| S| $75. 00/hr| SC Jason| Work| S| $75. 00/hr| SC Server Team 1 (Albany)| Work| S| $225. 00/hr| SC Server Team 2 (Phoenix)| Work| S| $225. 00/hr| SC Server Team 3 (San Diego)| Work| S| $225. 0/hr| SC Server Team 4 (Miami)| Work| S| $225. 00/hr| SC Server Team 5 (Houston)| Work| S| $225. 00/hr| SC Hardware Team 1 (Albany)| Work| S| $150. 00/hr| SC Hardware Team 2 (Phoenix)| Work| S| $150. 00/hr| SC Hardware Team 3 (San Diego)| Work| S| $150. 00/hr| SC Hardware Team 4 (Miami)| Work| S| $150. 00/hr| SC Hardware Team 5 (Houston)| Work| S| $150. 00/hr| SC Network Team 1 (Albany)| Work| S| $300. 00/hr| SC Network Team 2 (Phoenix)| Work| S| $300. 00/hr| SC Network Team 3 (San Diego)| Work| S| $300. 00/hr| SC Network Team 4 (Miami)| Work| S| $300. 00/hr| SC Network Team 5 (Houston)| Work| S| $300. 00/hr| SC Administration Team 1 (Albany)| Work| S| $300. 00/hr| SC Administration Team 2 (San Diego)| Work| S| $300. 00/hr| Albany Fire Suppression| Work| A| $0. 00| San Diego Fire Suppression| Work| S| $0. 00| Albany Fencing| Work| A| $70. 00/hr| San Diego Fencing| Work| S| $70. 00/hr| Albany Security| Work| A| $110. 00/hr| Phoenix Security| Work| P| $110. 00/hr| San Diego Security| Work| S| $110. 00/hr| Miami Security| Work| M| $110. 00/hr| Houston Security| Work| H| $110. 00/hr| Albany Wiring| Work| A| $100. 00/hr| Phoenix Wiring| Work| P| $100. 00/hr| San Diego Wiring| Work| S| $100. 00/hr| Miami Wiring| Work| M| $100. 00/hr| Houston Wiring| Work| H| $100. 00/hr| Albany Maintenance Co. | Work| A| $80. 00/hr| San Diego Maintenance Co. | Work| S| $80. 00/hr| Albany Generator| Work| A| $0. 00| San Diego Generator| Work| A| $0. 00| FTD Administration| Work| F| $0. 00| FTD Information Systems| Work| F| $0. 00| Project Management 5. 2 Task List | Task Name| Duration| Start| Finish| Predecessors| Resources| 1| Project| 55 days| Wed 4/1/09| Tue 6/16/09| | SC Justin, SC Brandon M, SC Brandon L, SC Mark, SC Jason| 2| | | | | | | 3| Systems Audit| 5 days| Mon 4/13/09| Fri 4/17/09| | | 4| Audit All Systems| 5 days| Mon 4/13/09| Fri 4/17/09| | | 5| | | | | | | | Administration and Policies| 22 days| Mon 4/20/09| Tue 5/19/09| | | 7| Recommend Hiring or Outsourcing of Security Personnel| 1 day| Mon 4/27/09| Mon 4/27/09| | SC Administration Team 1 (Albany)| 8| Train Personnel: Physical Access| 5 days| Tue 4/28/09| Mon 5/4/09| 7| SC Administration Team 1 (Albany)| 9| Recommend Hiring of A dequate IT Staff| 1 day| Tue 5/5/09| Tue 5/5/09| 8| SC Administration Team 1 (Albany)| 10| Develop Physical Security Policy| 1 day| Wed 5/6/09| Wed 5/6/09| 9| SC Administration Team 1 (Albany)| 11| Develop Access Control and Group Policy| 1 day| Thu 5/7/09| Thu 5/7/09| 10| SC Administration Team 1 (Albany)| 12| Develop Network Security Policy| 1 day| Fri 5/8/09| Fri 5/8/09| 11| SC Administration Team 1 (Albany)| 13| Develop Auditing Policies| 1 day| Mon 5/11/09| Mon 5/11/09| 12| SC Administration Team 1 (Albany)| 14| Develop Encryption Policy| 1 day| Tue 5/12/09| Tue 5/12/09| 13| SC Administration Team 1 (Albany)| 15| Train Personnel: Policies| 5 days| Wed 5/13/09| Tue 5/13/09| 14| SC Administration Team 1 (Albany)| 16| Train IT Staff| 11 days| Mon 4/20/09| Mon 5/4/09| | | 17| Training: Policies and Procedures| 2 days| Mon 4/20/09| Tue 4/21/09| | FTD Administration, SC Administration Team 1 (Albany)| 18| Training: Hardware| 2 days| Wed 4/22/09| Thu 4/23/09| 17| SC Hardware Team 1 (Albany)| 19| Training: Network| 3 days| Fri 4/24/09| Tue 4/28/09| 18| SC network Team 1 (Albany)| 20| Training: Server Configuration| 3 days| Wed 4/29/09| Fri 5/1/09| 19| SC Server Team 1 (Albany)| 21| Training: Security| 1 day| Mon 5/4/09| Mon 5/4/09| 20| Albany Security| 23| Train Personnel: Computer Access| 1 day| Wed 4/2/09| Wed 4/22/09| | SC Administration Team 1 (Albany)| Project Management 24| Replace Existing Laptops for Administration and Sales| 2 days| Mon 5/11/09| Tue 5/12/09| | FTD Information Systems| 25| | | | | | | 26| Albany| 50 days| Wed 4/1/09| Tue 6/9/09| | | 0| Buildings and Perimeter| 11 days| Mon 5/4/09| Mon 5/18/09| | | 44| System Access| 11 days| Thu 5/7/09| Thu 5/21/09| | | 52| Datacenter and Communication Closet| 9 days| Fri 5/8/09| Wed 5/20/09| 10, 11| | 61| Network Security| 8 days| Mon 5/4/09| Wed 5/13/09| | | 81| Bandwidth and Network Issues| 1 day| Mon 5/4/09| Mon 5/4/09| | | 82| Network Cabling| 5 days| Mon 5/4/09| Fri 5/8/09| | | 83| Upgrade Internal Cabling to CAT5e| 5 days| Mon 5/4/09| Fri 5/8/09| | Albany Wiring| 84| Wide Area Network Connection| 50 days| Wed 4/1/09| Tue 6/9/09| | | 91| | | | | | | 92| Phoenix| 45 days| Wed 4/1/09| Tue 6/2/09| | | 3| Buildings and Perimeter| 9 days| Mon 5/4/09| Thu 5/14/09| | | 94| Video Surveillance| 4 days| Mon 5/4/09| Thu 5/7/09| | | 95| Install Video Camera| 2 days| Mon 5/4/09| Tue 5/5/09| | Phoenix Security| 96| Install Monitors and Recording Systems| 2 days| Wed 5/6/09| Thu 5/7/09| 95| Phoenix Security| 97| Install Alarm System| 3 days| Fri 5/8/09| Tue 5/12/09| 96| Phoenix Security| 98| Badge System| 5 days| Fri 5/8/09| Thu 5/14/09| | | 99| Install Badge Readers| 2 days| Wed 5/13/09| Thu 5/14/09| | Phoenix Security| 100| Rack Server| 1 day| Fri 5/8/09| Fri 5/8/09| 107| SC Server Team 2 (Phoenix)| 101| Install Card Access Software| 2 days| Mon 5/11/09| Tue 5/12/09| 100| SC Server Team 2 (Phoenix)| 102| System Access| 1 day| Mon 5/4/09| Mon 5/4/09| | | 103| Setup Smart Cards/USB Tokens| 1day| Mon 5/4/09| Mon 5/4/09| | SC Hardware Team 2 (Phoenix)| 104| Datacenter and Communication Closets| 3 days| Tue 5/5/09| Thu 5/7/09| | | Project Management 05| Install Server Racks| 1 day| Tue 5/5/09| Tue 5/5/09| 103| SC Hardware Team 2 (Phoenix)| 106| Install UPS in Isolated Area (Not Datacenter)| 1 day| Wed 5/6/09| Wed 5/6/09| 105| SC Hardware Team 2 (Phoenix)| 107| Install Communication Closet Racks| 1 day| Thu 5/7/09| Thu 5/7/09| 106| SC hardware Team 2 (Phoenix)| 108| Network Security| 6 days| Mon 5/4 /09| Mon 5/11/09| | | 109| Install Cisco Aironet 1250’s Wireless Access Points| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Network Team 2 (Phoenix)| 110| Install Cisco Catalyst 3750e’s Switches| 1 day| Wed 5/6/09| Wed 5/6/09| 109| SC Network Team 2 (Phoenix)| 111| Install ASA 5510 Firewall| 1 day| Wed 5/6/09| Wed 5/6/09| 110| SC Network Team 2 (Phoenix)| 112| Install Cisco 2821 Router| 1 day| Thu 5/7/09| Thu 5/7/09| 111| SC Network Team 2 (Phoenix)| 113| Implement VLAN’s and Network Segmentation| 1 day| Fri 5/8/09| Fri 5/8/09| 112| SC Network Team 2 (Phoenix)| 114| Implement IPSec Tunnel to Satellite Sites| 1 day| Mon 5/11/09| Mon 5/11/09| 113| SC Network Team 2 (Phoenix)| 115| Datacenter and Server Architecture| 4 days| Wed 5/13/09| Mon 5/18/09| | | 116| Install Domain Controller| 1 day| Wed 5/13/09| Wed 5/13/09| 101| SC Server Team 2 (Phoenix)| 117| Setup Print Server| 1 day| Thu 5/14/09| Thu 5/14/09| 116| SC Server Team 2 (Phoenix)| 118| Setup DHCP Server| 1 day| Fri 5/15/09| Fri 5/15/09| 117| SC Server Team 2 (Phoenix)| 119| Setup DNS Server| 1 day| Mon 5/18/09| Mon 5/18/09| 118| SC Server Team 2 (Phoenix)| 120| Bandwidth and Network Issues| 45 days| Wed 4/1/09| Tue 6/2/09| | | 121| Network Cabling| 2 days| Mon 5/4/09| Tue 5/5/09| | | 122| Upgrade Internal Cabling to CAT5e| 2 days| Mon 5/4/09| Tue 5/5/09| | Phoenix Wiring| 123| Wide Area Network Connection| 45 days| Wed 4/1/09| Tue 6/2/09| | | 124| Implement Larger WAN Connection| 45 days| Wed 4/1/09| Tue 6/2/09| | | 125| Configure Squid| 1 day| Tue 5/12/09| Tue 5/12/09| | SC Network Team 2 (Phoenix)| 126| Configure Network Throttling per VLAN| 1 day| Wed 5/13/09| Wed 5/13/09| | SC Network Team 2 (Phoenix)| 127| | | | | | | 128| San Diego| 45 days| Wed 4/1/09| Tue 6/2/09| | | 129| Buildings and Perimeter| 11 days| Mon 5/4/09| Mon 5/18/09| | | Project Management 30| Video Surveillance| 4 days| Mon 5/4/09| Thu 5/7/09| | | 131| Install Video Camera| 2 days| Mon 5/4/09| Tue 5/5/09| | San Diego Security | 132| Install Monitors and Recording System| 2 days| Wed 5/6/09| Thu 5/7/09| 131| San Diego Security| 133| Install Alarm System| 3 days| Fri 5/8/09| Tue 5/12/09| 132| San Diego Security| 134| Badge System| 9 days| Mon 5/4/09| Thu 5/14/09| | | 135| Install Badge Readers| 2 days| Wed 5/13/09| Thu 5/14/09| 133| San Diego Security| 136| Rack Server| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Server Team 3 (San Diego)| 137| Install Card Access Software| 2 days| Tue 5/5/09| Wed 5/6/09| 136| SC Server Team 3 (San Diego)| 138| Upgrade Existing Indoor and Outdoor Lighting| 2 days| Mon 5/4/09| Tue 5/5/09| | San Diego Maintenance Co. | 139| Trim Thickets and Hedges from Around Building| 2 days| Wed 5/6/09| Thu 5/7/09| 138| San Diego Maintenance Co. | 140| Install Perimeter Fence| 11 days| Mon 5/4/09| Mon 5/18/09| | | 141| Install Fe nce| 4 days| Mon 5/4/09| Thu 5/7/09| | San Diego Fencing| 142| Install Gate/Security Checkpoint| 2 days| Fri 5/15/09| Mon 5/18/09| 141, 135| San Diego Fencing, San Diego Security| 143| System Access| 1 ay| Mon 5/4/09| Mon 5/4/09| | | 144| Setup Smart Cards/USB Tokens| 1 day| Mon 5/4/09| Mon 5/4/09| | SC hardware Team 3 (San Diego)| 145| Datacenter and Communication Closets| 10 days| Mon 5/4/09| Fri 5/15/09| | | 146| Install Raised Floor in Datacenter| 5 days| Tue 5/5/09| Mon 5/11/09| 144| SC Hardware Team 3 (San Diego)| 147| Install Fire Suppression| 3 days| Mon 5/4/09| Wed 5/6/09| | | 148| Install Server Racks| 1 day| Tue 5/12/09| Tue 5/12/09| 146| SC Hardware Team 3 (San Diego)| 149| Install Automatic Transfer Switch| 1 day| Wed 5/13/09| Wed 5/13/09| 148| SC Hardware Team 3 (San Diego)| 150| Install UPS in Isolated Area (Not in Datacenter)| 1 day| Thu 5/14/09| Thu 5/14/09| 149| S C Hardware Team 3 (San Diego)| 151| Install Communication Closet Racks| 1 day| Fri 5/15/09| Fri 5/15/09| 150| SC hardware Team 3 (San Diego)| 152| Install Generator System| 5 days| Mon 5/4/09| Fri 5/8/09| | | 153| Network Security| 8 days| Mon 5/18/09| Wed 5/27/09| | | 154| Install Cisco 4402 Wireless LAN Controllers| 1 day| Mon 5/18/09| Mon 5/18/09| 145| | Project Management 55| Install Cisco Aironet 1250 Wireless Access Points| 1 day| Tue 5/19/09| Tue 5/19/09| 154| SC Network Team 3 (San Diego)| 156| Install Cisco Catalyst 6509-E Switches| 1 day| Thu 5/21/09| Thu 5/21/09| 156| SC Network Team 3 (San Diego)| 157| Install ASA 5510 Firewall| 1 day| Thu 5/21/09| Thu 5/21/09| 156| SC Network Team 3 (San Diego)| 158| Install Cisco 2821 Router| 1 day| Fri 5/22/09| Fri 5/22/09| 157| SC Network Team 3 (San Diego)| 159| Implement VLAN and Network Segmentation| 1 day| Mon 5/25/09| Mon 5/25/09| 158| SC Network Team 3 (San Diego)| 160| Implement SSL Connectivity| 1 day| Tue 5/26/09| Tue 5/26/09| 159| SC Network Team 3 (San Diego)| 161| Implement IPSec Tunnel to Satellite Sites| 1 day| Wed 5/27/09| Wed 5/27/09| 160| SC Network Team 3 (San Diego)| 162| Datacenter and Server Architecture| 18 days| Thu 5/7/09| Mon 6/1/09| | | 163| Install Fiber Channel Switch| 1 day| Thu 5/7/09| Thu 5/7/09| 137| SC Server Team 3 (San Diego)| 164| Install SANs| 1 day| Fri 5/8/09| Fri 5/8/09| 163| SC Server Team 3 (San Diego)| 165| Install Rack Servers| 1 day| Wed 5/13/09| Wed 5/13/09| 148| SC Server Team 3 (San Diego)| 166| Install Domain Controller| 1 day| Fri 5/22/09| Fri 5/22/09| 165| SC Server Team 3 (San Diego)| 167| Setup Print Server| 1 day| Tue 5/26/09| Tue 5/26/09| 166| SC Server Team 3 (San Diego)| 168| Setup DHCP Server| 1 day| Thu 5/28/09| Thu 5/28/09| 167| SC Server Team 3 (San Diego)| 169| Setup DNS Server| 1 day| Fri 5/29/09| Fri 5/29/09| 168| SC Server Team 3 (San Diego)| 170| Install Microsoft Windows 2003 Server x64 w/Exchange| 3 days| Thu 5/14/09| Mon 5/18/09| | | 171| Install Hardware for Content Filtering| 1 day| Mon 5/18/09| Mon 5/18/09| 148, 165| SC Hardware Team 3 (San Diego)| 172| Setup Server Side E-mail Filter| 1 day| Thu 5/14/09| Thu 5/ 14/09| 165| SC Server Team 3 (San Diego)| 173| Implement RADIUS| 1 day| Fri 5/15/09| Fri 5/15/09| 172| SC Server Team 3 (San Diego)| 174| Setup SQL Server| 1 day| Mon 5/18/09| Mon 5/18/09| 173| SC Server Team 3 (San Diego)| 175| Install Monitoring Server| 1 day| Tue 5/19/09| Tue 5/19/09| 174| SC Server Team 3 (San Diego)| 176| Install Squid Server| 1 day| Wed 5/20/09| Wed 5/20/09| 175| SC Server Team 3 (San Diego)| 177| Install Microsoft Windows 2003 Web Server w/IIS 6. 0| 1 day| Thu 5/21/09| Thu 5/21/09| 176| SC Server Team 3 (San Diego)| 178| Install Software Distribution Server| 1 day| Mon 5/25/09| Mon 5/25/09| 177| SC Server Team 3 (San Diego)| 179| Setup DFS| 1 day| Wed 5/27/09| Wed 5/27/09| 178| SC Server Team 3 (San Diego)| Project Management 80| Setup Syslog Server| 1 day| Mon 6/1/09| Mon 6/1/09| | | 181| Install Syslog Clients on Servers| 1 day| Mon 6/1/09| Mon 6 /1/09| 179| SC Server Team 3 (San Diego)| 182| Bandwidth and Network Issues| 45 days| Wed 4/1/09| Tue 6/2/09| | | 183| Network Cabling| 3 days| Mon 5/4/09| Wed 5/6/09| | | 184| Upgrade Internal Cabling to CAT5e| 3 days| Mon 5/4/09| Wed 5/6/09| | San Diego Wiring| 185| Wide Area network Connection| 45 days| Wed 4/1/09| Tue 6/2/09| | | 186| Implement Larger WAN Connection| 45 days| Wed 4/1/09| Tue 6/2/09| | | 187| Configure Squid| 1 day| Thu 5/28/09| Thu 5/28/09| 161| SC Network Team 3 (San Diego )| 188| Configure Network Throttling per VLAN| 1 day| Tue 6/2/09| Tue 6/2/09| 162| SC Network Team 3 (San Diego)| 189| | | | | | | 190| Miami| 45 days| Wed 4/1/09| Tue 6/2/09| | | 91| Buildings and Perimeter| 9 days| Mon 5/4/09| Thu 5/14/09| | | 192| Video Surveillance| 4 days| Mon 5/4/09| Thu 5/7/09| | | 193| Install Video Camera| 2 days| Mon 5/4/09| Tue 5/5/09| | Miami Security| 194| Install Monitors and Recording Systems| 2 days| Wed 5/6/09| Thu 5/7/09| 193| Miami Security| 195| Install Alarm System| 3 days| Fri 5/8/09| Tue 5/12/09| 194| Miami Security| 196| Badge System| 9 days| Mon 5/4/09| Thu 5/14/09| | | 197| Install Badge Readers| 2 days| Wed 5/13/09| Thu 5/14/09| 195| Miami Security| 198| Rack Server| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Server Team 4 (Miami)| 199| Install Card Access Software| 2 days| Tue 5/5/09| Wed 5/6/09| 198| SC Server Team (Miami)| 200| System Access| 1 day| Mon 5/4/09| Mon 5/4/09| | | 201| Setup Smart Cards/USB Tokens| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Hardware Team 4 (Miami)| 202| Datacenter and Communication Closets| 3 days| Tue 5/5/09| Thu 5/7/09| | | 203| Install Server Racks| 1 day| Tue 5/5/09| Tue 5/5/09| 201| SC Hardware Team 4 (Miami)| 204| Install UPS in Isolated Area (Not in Datacenter)| 1 day| Wed 5/6/09| Wed 5/6/09| 203| SC Hardware Team 4 (Miami)| Project Management 205| Install Communication Closet Racks| 1 day| Thu 5/7/09| Thu 5/7/09| 204| SC Hardware Team 4 (Miami)| 206| Network Security| 6 days| Mon 5/4/09| Mon 5/11/09| | | 207| Install Cisco Aironet 1250 Wireless Access Points| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Network Team 4 (Miami)| 208| Install Cisco Catalyst 3750e Switches| 1 day| Tue 5/5/09| Tue 5/5/09| 207| SC Network Team 4 (Miami)| 209| Install ASA 5510 Firewall| 1 day| Wed 5/6/09| Wed 5/6/09| 208| SC Network Team 4 (Miami)| 210| Install Cisco 2821 Router| 1 day| Thu 5/7/09| Thu 5/7/09| 209| SC Network Team 4 (Miami)| 211| Implement VLAN and Network Segmentation| 1 day| Fri 5/8/09| Fri 5/8/09| 210| SC Network Team 4 (Miami)| 212| Implement IPSec Tunnel to Satellite Sites| 1 day| Mon 5/11/09| Mon 5/11/09| 211| SC Network Team 4 (Miami)| 213| Install Domain Controller| 4 days| Thu 5/7/09| Tue 5/12/09| | | 214| Install Domain Controller| 1 day| Thu 5/7/09| Thu 5/7/09| 199| SC Server Team 4 (Miami)| 215| Setup Print Server| 1 day| Fri 5/8/09| Fri 5/8/09| 214| SC Server Team 4 (Miami)| 216| Setup DHCP Server| 1 day| Mon 5/11/09| Mon 5/11/09| 215| SC Server Team 4 (Miami)| 217| Setup DNS Server| 1 day| Tu e 5/12/09| Tue 5/12/09| 216| SC Server Team 4 (Miami)| 218| Bandwidth and Network Issues| 45 days| Wed 4/1/09| Tue 6/2/09| | | 219| Network Cabling| 3 days| Mon 5/4/09| Wed 5/6/09| | | 220| Upgrade Internal Cabling to CAT5e| 3 days| Mon 5/4/09| Wed 5/6/09| | Miami Wiring| 221| Wide Area Network Connection| 45 days| Wed 4/1/09| Tue 6/2/09| | | 222| Implement Larger WAN Connection| 45 days| Wed 4/1/09| Tue 6/2/09| | | 223| Configure Squid| 1 day| Wed 5/13/09| Wed 5/13/09| 199| SC Server Team 4 (Miami)| 224| Configure Network Throttling per VLAN| 1 day| Tue 5/12/09| Tue 5/12/09| 212| SC Network Team 4 (Miami)| 225| | | | | | | 226| Houston| 9 days| Mon 5/4/09| Thu 5/14/09| | | 227| Buildings and Perimeter| 9 days| Mon 5/4/09| Thu 5/14/09| | | 228| Video Surveillance| 4 days| Mon 5/4/09| Thu 5/7/09| | | 229| Install Video Camera| 2 days| Mon 5/4/09| Tue 5/5/0 9| | Houston Security| Project Management 230| Install Monitors and Recording Systems| days| Wed 5/6/09| Thu 5/7/09| 229| Houston Security| 231| Install Alarm System| 3 days| Fri 5/8/09| Tue 5/12/09| 230| Houston Security| 232| Badge System| 9 days| Mon 5/4/09| Thu 5/14/09| | | 233| Install Badge Readers| 2 days| Wed 5/13/09| Thu 5/14/09| 231| Houston Security| 234| Rack Server| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Server Team 5 (Houston)| 235| Install Card Access Software| 2 days| Tue 5/5/09| Wed 5/6/09| 234| SC Server Team 5 (Houston)| 236| System Access| 1 day| Mon 5/4/09| Mon 5/4/09| | | 237| Setup Smart Cards/USB Tokens| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Hardware Team 5 (Houston)| 238| Datacenter and Communication Closets| 2 days| Tue 5/5/09| Wed 5/6/09| | | 239| Install UPS in Isolated Area (Not in Datacenter)| 1 day| Tue 5/5/09| Tue 5/5/09| 237| SC Hardware Team 5 (Houston)| 240| Install Communication Closet Racks| 1 day| Wed 5/6/09| Wed 5/6/09| 239| SC Hardware Team 5 (Houston)| 241| Network Security| 7 days| Mon 5/4/09| Tue 5/12/09| | | 242| Install Cisco Aironet 1250 Wireless Access Points| 1 day| Mon 5/4/09| Mon 5/4/09| | SC Network Team 5 (Houston)| 243| Install Cisco Catalyst 3750e Switches| 1 day| Tue 5/5/09| Tue 5/5/09| 242| SC Network Team 5 (Houston)| 244| Install ASA 5510 Firewall| 1 day| Wed 5/6/09| Wed 5/6/09| 243| SC Network Team 5 (Houston)| 245| Install Cisco 2821 Router| 1 day| Thu 5/7/09| Thu 5/7/09| 244| SC Network Team 5 (Houston)| 246| Implement VLAN and Network Segmentation| 1 day| Fri 5/8/09| Fri 5/8/09| 245| SC Network Team 5 (Houston)| 247| Implement IPSec Tunnel to Satellite Sites| 1 day| Mon 5/11/09| Mon 5/11/09| 246| SC Network Team 5 (Houston)| 248| Install Domain C ontroller| 4 days| Thu 5/7/09| Tue 5/12/09| | | 249| Install Domain Controller| 1 day| Thu 5/7/09| Thu 5/7/09| 235| SC Server Team 5 (Houston)| 250| Setup Print Server| 1 day| Fri 5/8/09| Fri 5/8/09| 249| SC Server Team 5 (Houston)| 251| Setup DHCP Server| 1 day| Mon 5/11/09| Mon 5/11/09| 250| SC Server Team 5 (Houston)| 252| Setup DNS Server| 1 day| Tue 5/12/09| Tue 5/12/09| 251| SC Server Team 5 (Houston)| 253| Bandwidth and Network Issues| 8 days| Mon 5/4/09| Wed 5/13/09| | | 254| Network Cabling| 3 days| Mon 5/4/09| Wed 5/6/09| | | Project Management 255| Upgrade Internal Cabling to CAT5e| 3 days| Mon 5/4/09| Wed 5/6/09| | Houston Wiring| 256| Wide Area Network Connection| 1 day| Mon 5/4/09| Mon 5/4/09| | | 257| Implement Larger WAN Connection| 1 day| Mon 5/4/09| Mon 5/4/09| | | 258| Configure Squid| 1 day| Wed 5/13/09| Wed 5/13/09| 235| SC Server Team 5 (Housto n)| 259| Configure Network Throttling per VLAN| 1 day| Tue 5/12/09| Tue 5/12/09| 247| SC Network Team 5 (Houston)| 260| | | | | | | 61| Business Continuity and Disaster Recovery| 14 days| Wed 5/20/09| Mon 6/8/09| | | 262| Develop Disaster Recovery Plan| 3 days| Wed 5/20/09| Fri 5/22/09| 15| SC Administration Team 1 (Albany)| 263| Test Disaster Recovery Plan| 2 days| Mon 5/25/09| Tue 5/26/09| 262| SC Administration Team 1 (Albany), SC Administration Team 3 (San Diego)| 264| Develop Business Continuity Plan| 2 days| Wed 5/27/09| Thu 5/28/09| 263| SC Administration Team 1 (Albany)| 265| Test Business Continuity Plan| 1 day| Fri 5/29/09| Fri 5/29/09| 264| SC Administration Team 1 (Albany)| 266| Implement SAN Replication for Backup| 1 day| Mon 6/8/09| Mon 6/8/09| | | 267| Install OSSV Clients on Servers| 1 day| Mon 6/8/09| Mon 6/8/09| 61| SC Server Team 1 (Albany), SC Server Team 3 (San Diego)| 268| Configure Backup Alerting | 1 day| Mon 6/8/09| Mon 6/8/09| 267| SC Server Team 1 (Albany), SC Server Team 3 (San Diego)| 269| Recommend Inventory Management System| 1 day| Mon 6/1/09| Mon 6/1/09| 265| SC Administration Team 1 (Albany)| 270| | | | | | | 271| Systems Audit| 5 days| Wed 6/10/09| Tue 6/16/09| | | 272| Audit Systems| 5 days| Wed 6/10/09| Tue 6/16/09| 3, 6, 25, 92, 128| | 5. 3 Network Topology Logical View Network Topology Logical View Network Topology Logical View Network Topology WAN Redundancy Network Topology VPN Network 6. Deliverables Based on information provided and assessments previously defined, we will be providing the following deliverables upon project initiation, during implementation, and upon completion: 1) IT Security Consultants, Inc. ill provide a project schedule and implementation timeline to clarify each phase of the project. 2) IT Security Consultants, Inc. will identify the network topology, security infrastructure, and layout. Our main highlights will include the following: * Installation of two SAN Servers for server booting and backup services. These will be at the Albany, NY and San Diego, CA sites only. * Installation of SCCM which will manage pushing patches and software updates to computers. These will be at the Albany, NY and San Diego, CA sites only. * Installation of TinyDNS server for management of FTD Enterprises’ domain and ARIN IP addresses. These will be at the Albany, NY and San Diego, CA sites only. Installation of generator, automatic transfer switches, and dual UPS systems at the Albany, NY and San Diego, CA sites only. At the other facilities a dual UPS system will be used to maintain power for servers and network components. * Purchase of 256 ARIN IP addresses. * Security policies, backup policy, and business continuity plan will be provided at the beginning of installation. FTD Enterprises will have the power to review these policies and plans, update them, and make submissions for any change s that need to take place. 3) IT Security Consultants, Inc. will propose hardware and costs which will include installation and maintenance costs. Maintenance costs associated with specific hardware vendors will be funded by FTD Enterprises. 4) IT Security Consultants, Inc. will provide a business continuity plan. 5) IT Security Consultants, Inc. will provide a comprehensive backup/disaster recovery plan. 7. Budget Hardware| Quantity| Price| Price Extended| Installation Hours| Hourly Rate| Total Price Extended| Hp Laptop| 99| $2,003. 00| $198,297. 00| 198| $100. 00| $218,097. 00| HP Proliant DL385 G5 Server| 26| $3,179. 00| $82,654. 00| 52| $100. 00| $87,854. 00| Cisco MDS 9509 Multilayer Director Switch| 4| $59,045. 00| $236,180. 00| 80| $100. 00| $244,180. 00| Cisco Catalyst 6509-E| 5| $58,978. 00| $294,890. 00| 40| $100. 00| $298,890. 0| Cisco Catalyst 3750E-48TD| 5| $9,989. 00| $49,945. 00| 20| $100. 00| $51,945. 00| Cisco ASA 5500| 10| $9,014. 03| $90,140. 30| 65| $100. 00| $96,640. 30| Cisco 2821 Router| 10| $8,801. 50| $88,015. 00| 35| $100. 00| $91,515. 00| Cisco Systems AIR-LAP1252G-A-K9| 33| $871. 87| $28,771 . 71| 66| $100. 00| $35,371. 71| Cisco Wireless Controler 4402| 4| $6,274. 00| $25,096. 00| 16| $100. 00| $26,696. 00| RB433AH w/XR5 Card| 8| $485. 00| $3,880. 00| 32| $100. 00| $7,080. 00| NetApp R150| 2| $24,995. 00| $49,990. 00| 80| $100. 00| $57,990. 00| APC Smart-UPS VT 10KVA 400V w/4 Batt Mod Exp to 4, Int Maint Bypass, Parallel Capable| 4| $15,790. 00| $63,160. 00| 80| $100. 00| $71,160. 0| APC Symmetra RM 2kVA Scalable to 6kVA N+1 208/240V w/ 208 to 120V Step-Down Transformer (4) L5-20R| 3| $3,411. 00| $10,233. 00| 30| $100. 00| $13,233. 00| APC Smart-UPS APC Smart-UPS 2200VA USB Serial RM 2U 120V| 3| $1,075. 00| $3,225. 00| 6| $100. 00| $3,825. 00| RACK ATS, 120V, 20A, L5-20 IN, (10) 5-20R OUT| 8| $769. 00| $6,152. 00| 8| $100. 00| $6,952. 00| Security Gate and Checkpoint| 2| $12,451. 00| $24,902. 00| 120| $100. 00| $36,902. 00| Budget Guardian Quiet Source 36 kW Standy Power Generator| 2| $9,689. 00| $19,378. 00| 40| $100. 00| $23,378. 00| Rack PDU, Switched, Zer o U, 30A, 200/208V, (21)C13 (3)C19| 8| $879. 00| $7,032. 00| 8| $100. 0| $7,832. 00| NetShelter VX Seismic 42U Enclosure w/Sides Black| 4| $2,350. 00| $9,400. 00| 20| $100. 00| $11,400. 00| SAFENET USB Token Authenticator| 200| $32. 00| $6,400. 00| 10| $100. 00| 7,400. 00| Software| Quantity| Price| Price Extended| Installation Hours| Hourly Rate| Total Price Extended| Server 2003 Std| 18| $999. 00| $17,982. 00| 36| $100. 00| $21,582. 00| Server 2003 Std x64| 4| $999. 00| $3,996. 00| 24| $100. 00| $6,396. 00| Exchange 2007| 4| $699. 00| $2,796. 00| 32| $100. 00| $5,996. 00| Server 2003 CALs (20 Pack)| 10| $799. 00| $7,990. 00| 0| $100. 00| $7,990. 00| Exchange CALs| 325| $67. 00| $21,775. 00| 0| $100. 0| $21,775. 00| SQL 2005| 2| $1,849. 00| $3,698. 00| 0| $100. 00| $3,698. 00| Squid| 5| $ -| $ -| 25| $100. 00| $2,500. 00| Trend Micro Office Scan| 350| $41. 42| $14,497. 00| 0| $100. 00| $14,497. 00| SCCM| 2| $579. 00| $ 1,158. 00| 160| $100. 00| $17,158. 00| SCCM Enterprise License| 2| $430. 00| $860. 00| 4| $100. 00| $1,260. 00| WhatsUpGold| 2| $2,595. 00| $5,190. 00| 20| $100. 00| $7,190. 00| ARIN Block AS Registration| 1| $500. 00| $500. 00| 0| | $500. 00| Budget Yearly Maintenance| Quantity| Price| Price Extended| | | Total Price Extended| HP Server Maintenance| 26| $600. 00| $15,600. 0| | | $15,600. 00| Cisco Maintenance| 72| $157. 00| $11,304. 00| | | $11,304. 00| SAN Maintenance| 2| $38,000. 00| $76,000. 00| | | $76,000. 00| Power System| 2| $14,045. 00| $28,090. 00| | | $28,090. 00| ARIN /24 Block of IPs| 1| $1,250. 00| $1,250. 00| | | $1,250. 00| Contractors| Quantity| Price| Price Extended| | | Total Price Extended| Fencing Installed (Units in feet)| 3200| $14. 00| $44,800. 00| | | $44,800. 00| Security Contractor| | | $120,000. 00| | | $120,000. 00| Maintenance Contractor| | | $10,000. 00| | | $10,000. 00| Wiring Contractor| | | $75,000. 00| | | $75,000. 00| Total| | 1297 Ho urs| $1,890,927. 01| Appendix: Detailed Budget The following is an explanation of items listed on the budget that we are requesting to be purchased by FTD Enterprises for network reconstruction: * HP Laptops will be for sales teams that utilize wireless, instead of having employees use their own laptops, which can cause problems with the network security. * HP Proliant DL385 G5 Server; these are the servers that will be replacing all existing servers. We are replacing all servers with equipment that is more efficient with today. These HP Servers come with an AMD Quad-Core processor with 2MB Level 2 cache and 2MB Level 3 cache. Each server also has 8 DIMM slots that can support up to 64GB of RAM. * Cisco MDS 9509 Multilayer Director Switch; used for the fiber-channel network, for booting the servers and provides 2 4g redundant links to the closet switches. Cisco Catalyst 6509-E; these Cisco Catalysts will be the main switches for the Albany NY and San Diego CA sites. Because we are pushing updates and SAN backups between these two locations, they needed a switch that could handle high bandwidth. Features include software modularity to deliver fault containment, memory protection, and hardware redundancy for fans, power supplies, fabrics, and clocks for nonstop operation; Nonstop Forwarding (NSF) and Stateful SwitchOver (SSO) help ensure minimal traffic loss. * Cisco Catalyst 3750E-48TD; Enterprise class switches that will be installed at Miami FL, Houston TX, and Phoenix AZ. * Cisco ASA 5510 Series SSL/IPSec VPN; the ASA 5510 will be the firewall and VPN connection for each location. The ASA 5510 extends the appropriate SSL VPN technology, either clientless or full-network access, on a per-session basis, depending on the user group or endpoint accessing the network; it also provides comprehensive network access and optimized network performance. * Cisco 2821 Router; main routers at each location; 2 routers will be installed at each location for redundant connections. * Cisco Systems AIR-LAP1252G-A-K9; installed at each location to provide wireless coverage. Detailed Budget * Cisco Wireless Controller 4402; used for the Cisco WAPs, they connect to the controller for firmware (IOS) updates and provide central management for all the WAPs. * RB433AH w/XR5 Card; these are for the wireless links between buildings at Albany. * NetApp R150; SAN servers for Albany NY and San Diego CA. * APC Smart-UPS; power supply, in case of power failure, for data centers at each location. APC Symmetra; power supply, in case of power failure, for buildings located in Albany NY. * RACK ATS, 120V, 20A, L5-20 IN, (10) 5-20R OUT; Automatic Transfer Switches to maintain constant power at each location. * Guardian Quiet Source 36 kW Standby Power Generator; these two generators are for long-term power outages beyond the range of the UPS equipment; installed at Albany NY and San Diego CA. * Squid is the open-source proxy server that will be used at each location. * Trent Micro is the Antivirus that will be installed on all servers, laptops, and desktops. * SCCM, which stands for System Center Configuration Manager, will be used to deploy software updates and patches across the network. ‘WhatsUpGold’ is the program that will monitor the network and record SNMP stats. Appendix: Risk Assessment Vulnerabilities| Description| Criticality| Impact Cost| Probability| Total Impact| Buildings| Total lack of internal and external video surveillance. Thickets of large plants and trees around buildings. There are four entrances to the building with no security checks. There is poor lighting inside the building after hours. | High (3)| Medium (2)| High (3)| High (8)| System Access| The network has a poor password and account lockout policies. Employees have local administrator access to machines that needs to be abolished. Access is based solely on username and passwords to authenticate. The domain server is not being utilized to its full capability in regards to access control. | High (3)| High (3)| Medium (2)| High (8)| Physical Access| Employees are granted access to the building during all hours. There is no security personnel. Lack of badges for visitors and employees. There is a potential for social engineering due to a lack of employee training. | Medium (2)| High (3)| Medium (2)| High (7)| Data Center and Communications Closets| There is a lack of physical security to the data center. Insufficient environmental controls and monitoring for temperature, fire suppression, or flood protection. The site also lacks a central UPS and generator system. High (3)| High (3)| Low (1)| High (7)| Network Security| There is also a lack port security and the servers are not in a separate subnet. The wireless network is not implemented via most recommended security and manageability practices. There is a lack or unknown status of a firewall. The company uses PPTP and L2TP VPNs to allow remote access in. The domain controller allows for RAS connections to be made to it. The network also lacks MAC filtering. | High (3)| High (3)| Low (1)| High (7)| Business Continuity| The company needs a system to manage IT and product inventory. There is a lack of frequency of backups, testing of those backups, and off-site storage of backups. There is no redundancy with the domain controller. High (3)| High (3)| Low (1)| High (7)| Perimeter of Complex| No fence around complex and there are no security checks for vehicles entering the property. There is also no video surveillance of the perimeter. There is a lack of parking lot lighting. | Medium (2)| Low (1)| High (3)| Medium (6)| Administration and Policies| Major human resources issues in regards to processes post termination, policies for temp and janitorial employees, and IT and Security personnel. Overall lack of security policies and a method of enforcing and auditing them. There may also be poor inter-dep artmental communication and cooperation. There is the use of personal hardware and software on company machines. Company computers also lack uniformity and disk encryption for mobile devices. | Medium (2)| Low (1)| High (3)| Medium (6)| Bandwidth Issues| Research and Development has many issues regarding bandwidth both internally and externally. The main WAN connection is a frame relay connection and each satellite location has a fractional T-1. Inadequate main office network between buildings. Each department is not separated by VLANs. There is no system performing bandwidth throttling to each department. | High (3)| Low (1)| Low (1)| Medium (5)| Server Architecture| There is no central server for updates for operating systems, anti-virus, or network equipment firmware. The mail server lacks server-side spam filtering. Logs are not stored in a central location to ease analysis. The web server is running on an outdated server with outdated methods of manageability. There is not a use of a file server for employees to maintain their work on. | Medium (2)| Medium (2)| Low (1)| Medium (5)| Network Issues| The network is designed under inconsistent and outdated hardware/firmware. The network devices communicate routes via RIP. Employees are common to use the internet for personal use. Lack of monitoring of switches, routers, and other services via SNMP. The network lacks proper documentation. | Medium (2)| Low (1)| Low (1)| Low (4)| Risk Assessment Appendix: Continuity Plan Contingency Planning Policy Statement FTD Enterprises shall develop contingency plans for each major application or general support system to meet the needs of critical IT operations in the event of a disruption extending beyond 24 hours. As the contingency planning is developed communication with the CTO and other upper level management shall be maintained. Any future changes to any contingency plan or policy will be properly and formally documented. The procedures must account for nightly backups to be conducted and sent to the backup server array. This plan will assign specific responsibilities to designated staff or positions to facilitate the recovery and/or continuity of essential IT functions. Resources necessary to ensure viability of the procedures shall be acquired and maintained. Personnel responsible for target systems shall be trained to execute contingency procedures. Critical Components * Off-site Backup Servers. These should be servers that replicate the on-site servers. For example, if there is an on-site email server, then there is also an off-site email server. All emails that come to the main server should also be replicated to the backup server as well as any user creation and deletion. For other servers, like web and file, the replication can take place after hours of operation. * Temporary switches, routers, and cabling. All switches and routers should have a backup in the event of failure to maintain business. Extra cabling should be available to replace damaged cabling. * Backup internet connection. This backup connection should not have the same upstream provider as the main internet connection if at all possible. * Off-site VPN access. The off-site server room should be configured for people to VPN into the network for when the on-site services go down. * Generators. The main site and off-site should be equipped with generators to mitigate any power failures. Continuity Plan Business Impact Analysis Identify Critical IT Resources A key step in contingency planning is identifying critical IT resources. Below you will find tables comparing business critical tasks and the resources needed for the respective task. Critical Business Process| Critical Resource| Accounting and HR| * Accounting / HR server * Email * Internet connectivity| Customer Service| * File server * Email * Internet connectivity * Telephone| Client Side Web Applications| * Internet connectivity * WWW/FTP server| Table 1 – Critical IT Resources Identify Disruption Impacts and Allowable Outage Times Disruptions reach their most critical level when the Cost of Disruption is greater than the Cost to Recover. The Maximum Allowable Outage is critical to the success of the IT Contingency Plan. Critical Resource| Maximum Allowable Outage| Impact| Accounting / HR server| 4 hours| * Slowed productivity * Necessary documents are unavailable * Payroll can’t be processed * A/R and A/P can’t be processed| File server/DC| 2 hours| * Slowed productivity * Necessary documents are unavailable * Workstations must use cached credentials * Shared Resources must redirected away from server | WWW/FTP server| 1 hour| * Clients can’t connect to Web server for account inquiries or support * Level of customer service is dramatically reduced| Email| 1 hour| * Communication is disrupted * Lost opportunities| Internet connectivity| 2 hours| * Clients can’t connect to Web server for account inquiries or support * Critical communication is disrupted| Telephone| 2 hours| * Clients can’t speak to representatives * Critical communication is disrupted| Table 2 – Disruption Impacts and Allowable Outage Times Continuity Plan Develop Recovery Priorities Recovery priorities layout the foundation for what FTD Enterprises will need to focus on first. These range from a low priority to critical priority. Plans will need to be in place, fully understood, and ready for immediate action. Critical Resource| Recovery Priority| Accounting / HR server| Medium| File server/DC| High| WWW/FTP server| High| Email| Low| Internet connectivity| Critical| Telephone| High| Table 3 – Recovery Priorities Identify Preventative Controls Based on the information provided, all necessary preventative controls are currently in place and fully operational. Common natural disasters include fire, earthquake, flood, landslide, liquefaction, lightning, volcano, avalanche, hurricane or tropical storm, tornado, and tsunami. Intentional actions of disruption may include arson, theft, vandalism, network/server hack, and malicious software. Unintentional means of disruption are loss of power, hardware failure, faulty patch/upgrade, and user error. Develop Recovery Strategies Backup Methods The SAN system at the Albany, or main, sight will backup data to the San Diego, or off-site, SAN nightly. The system will be setup by doing an initial full backup. From this point snapshots will be taken and uploaded as files are changed and pushed to the off-site nightly. In the event of any service or all services at the primary Albany site going down, the San Diego site will act as failover. Alternate Sites Due to FTD Enterprises currently having many sites across the country, we recommend that if one site becomes unusable for whatever reason then FTD considers moving critical employees to alternate sites Continuity Plan until the site they worked from becomes usable. Therefore, these sites must be ready to handle a migration of several employees in the event of crisis. Equipment Replacement In the event that all hardware and equipment has been permanently lost, workstation hardware can be temporarily leased until permanent hardware can be replaced. For employees that must work on unknown internet connections there will be the use of the SSL VPN to connect in. Work must not be saved under any conditions on the drives of any leased machines. Before a leased machine is returned to its owner, FTD Enterprises shall have the drive formatted to further protect important data from being leaked. Roles and Responsibilities Upper level management will orchestrate the execution of this plan with departmental leads to ensure this contingency plan is uninterrupted and maintains the safety of all personnel. FTD Enterprises’ CTO will designate the appropriate tasks to the IT department in order to restore functionality to IT assets. Departmental management will carry out plans relating to their respective departments per the CTO and this contingency plan. Common Scenarios * No workstation should undergo repairs for longer than one week. * Any segment of the internal network is not to be down for longer than one day. * If a server is to be under repair, the maximum time allotted is three days. After those three days the server is to be completely reinstalled and data restored to it from the off-site backup. * Employees should not work from home under serious building conditions for longer than one week. Continuity Plan Single Day Downtimes Scenario| Action| Power failures. | Turn on generators. | Workstation failure. | Issue laptop to employee and repair workstation. Internal Network Problem| Determine the problem and replace the equipment. Restock backup supply. No internal network problem should last longer than one day. | Internet Failure| Swap over to backup internet connection. | Server Failure| Immediat ely bring off-site backup server into production and make repairs to the main server. Do so simply by changing the DNS resolution look for the off-site server rather than the main server that is down. | Single Week Downtimes Scenario| Action| Power failures. | Turn on and maintain fuel to the generators. | Workstation failure. | Issue lapt