HMG 6446 Activity 3

7. Both guests and employees use the same network – These networks should be separated to help prevent private information (read credit card numbers) from potentially being hacked.

1. What should Julie do first? Julie should immediately put some type of lock on the door of the server room. Chapter 4 reading says that most breaches or thefts of company data are done internally and that a locked door and restricted access can solve many problems. Ideally, a coded lock with access control, such as a badge, to let you know who enters the room and when would be the best option. Let’s say the room remains unlocked and a guest strolls in on their cell phone looking for a quiet place to talk and unintentionally trips on a power cable. The guest plugs it back in but leaves the room quickly and Julie is now responsible with no knowledge of who did it. Guests should never have access to server rooms. Access to this room should be minimal, perhaps Julie and the GM and/or Owners…that is all. And if an employee has nothing to do with the server they should not have access to the room.
3. Why should she do this first? Again, chapter 4 says most breaches are internal. A basic lock can be put on a door within a matter of minutes meaning that the potential hacker can be stopped just as quickly as they can act. The lock can be upgraded to the digital code or badge access later on. Keeping uninvited guests out also prevents accidents like tripping on a power cable or mindlessly flipping a switch that actually is important. Also, it only takes one spiteful employee to sabotage Julie with a LAN tap to read unencrypted network information and or make configuration changes to the server. And last but not least, someone could steal all of the equipment.
4. List in order your next nine priorities and justify your answers.
5. 2. Firewall software requires manual updates – Daily updates on firewalls are necessary. Smaller organizations with network connections provided by DSL or cable modems do not realize their connection is continuous making their computer more vulnerable to malicious software.
6. 3. She was able to access the hotel’s wireless network from across the street – this absolutely needs to be limited to the property only or less area than that. A hacker can piggy back onto the network and access the hotel’s computer system. Also, if someone who is unauthorized to use the network commits a crime or sends spam, it would be traced back to the hotel.
7. 4. Software installation is allowed on all computers – This one is pretty obvious, but anyone can download anything on one of the hotel’s computers if users are not blocked from installing software. Viruses, worms, trojan horses and more can be uploaded quickly and valuable information can be stolen easily without restrictions.
8. 5. Business center computers do not require a password – This means that anyone can walk off the street and download anything. They would also have access to the server room as it is not locked. Hence the reason this comes in at #5.
9. 6. Front desk staff giving out too much information – this is something can be fixed relatively quickly, although I need more information on what they are giving out. I’m putting this at the worst-case scenario.

Apart from these ten, can you think of other possible vulnerable points?

2. 8. No employee network policy currently exists – Worms and trojan horses can easily come from employees that check their personal email because there is no policy that prevents or restricts them from using work computers. In my opinion, work computers should be used for work. Employees should check their emails at home, even if they are on their break.
3. 9. The computer system does not require users to change their passwords often enough – Define often enough and what computer system are we talking about? For me, this is last because it is so vague. I think if proper precautions are taken this is less of an issue.

1. Is the server physically locked to the rack?
2. Do the front office employees have access to the internet and if so, are any websites blocked for security purposes?
3. What websites do the executive offices have access to?
4. Is a code for long distance telephone calls for employee lines?