InstructionsProjectConsider the following scenario:You work for a network security firm as a professional security engineer. You are asked to provide a security and testing assessment document for one

Instructions

Project

Consider the following scenario:

You work for a network security firm as a professional security engineer. You are asked to provide a security and testing assessment document for one of the firm’s customers. The customer is a local fulfillment company that deals with confidential customer information. The fulfillment company has two locations: a headquarters office downtown and a branch office in another city.

The fulfillment company has the following equipment:

1. 12 Windows XP and 25 Windows 7 workstations connected to a Windows Server 2008 domain controller and file server (The Windows XP personal computers [PCs] are mostly used in the warehouse connected to high-speed printers for employees to spool and print jobs.),

2. one Windows Server 2008 R2 RRAS server accessed by home workers after hours,

3. one Windows Server 2003 print server,

4. one Linux database server running an open source of MySQL,

5. one Apache Web server for customers to check status of their jobs/orders online,

6. a seven-year-old firewall connecting the headquarters’ network perimeter to a T3 internet line and virtual private network (VPN) connecting to the branch office,

7. a 10-year-old firewall in the branch office connecting to the Internet and headquarters via a T1 link, and

8. 15 Windows XP workstations in the branch office connecting to the headquarters office via VPN to the Windows Server 2008 R2 domain controller file and print server.

At the headquarters location, the servers are located in a locked server room that only authorized users can enter. The server room has a four-digit combination lock for security. Both locations have numerous security cameras, including cameras in the computer room.

The network manager has informed you that the fulfillment company has an IT security policy that all employees are required to read and sign when they are hired by the company. The network manager wants to ensure that the network is secure and asks you to provide a statement of work or rules of engagement (ROE) document for a network security assessment.

Refer to NIST Publication SP 800-115 Appendix B, found below. Create a document following the Appendix B format based on the scenario provided. Your document must be at least 3 pages in length.

Additionally, sketch a network diagram for the fulfillment company (remember to include connectivity devices necessary for the LAN and WAN connections). Describe any entry points (physical or data transmission related) or situations that constitute potential security risks. In addition, in your ROE document, suggest how the network manager could better train his or her employees to understand network security.

Cite at least the textbook and the NIST publication for this assignment. In addition, paraphrased and quoted material must have accompanying citations and use APA format.