Always Fresh

COM-520 Written Assignment 6

Project Scenario

Always Fresh Foods Inc. is a food distributor with a central headquarters and main warehouse in

Colorado, as well as two regional warehouses in Nevada and Virginia.

The company runs Microsoft Windows 2019 on its servers and Microsoft Windows 10 on its workstations.

There are 2 database servers, 4 application servers, 2 web servers, and 25 workstation computers in the

headquarters offices and main warehouse. The network uses workgroups, and users are created locally

on each computer. Employees from the regional warehouses connect to the Colorado network via a

virtual private network (VPN) connection.

Due to a recent security breach, Always Fresh wants to increase the overall security of its network and

systems. They have chosen to use a solid multilayered defense to reduce the likelihood that an attacker

will successfully compromise the company’s information security. Multiple layers of defense throughout

the IT infrastructure makes the process of compromising any protected resource or data more difficult

than any single security control. In this way, Always Fresh protects its business by protecting its

information.

Project Part 6: Windows Hardening Recommendations

Scenario

As a security administrator for Always Fresh, you have been instructed to ensure that Windows

authentication, networking, and data access are hardened. This will help to provide a high level of

security.

The following are issues to be addressed through hardening techniques:

 Previous attempts to protect user accounts have resulted in users writing long passwords

down and placing them near their workstations. Users should not write down passwords or create

passwords that attackers could easily guess, such as words founds in the dictionary.

 Every user, regardless of role, must have at least one unique user account. A user who

operates in multiple roles may have multiple unique user accounts. Users should use the account

for its intended role only.

 Anonymous users of the web server applications should only be able to access servers

located in the demilitarized zone (DMZ). No anonymous web application users should be able to

access any protected resources in the Always Fresh IT infrastructure.

 To protect servers from attack, each server should authenticate connections based on

the source computer and user.

Tasks

Create a summary report to management that describes a hardening technique that addresses each

issue listed above. Provide rationale for each selection.

Due to the Always Fresh expansion, management wants additional network controls to protect their

growing network.

Required Resources

 Internet access

 Course textbook

Submission Requirements

 Format: Microsoft Word (no PDF)

 Font: Arial, size 12, double-space

 Citation Style: APA format

 Length: 1 to 2 pages

Self-Assessment Checklist

 I addressed all issues required for the summary report.

 I created a well-developed and formatted procedure guide with proper grammar, spelling, and

punctuation.

 I followed the submission guidelines.