Josh Waring

ITS 370 Hmwk #6

Shin Ping Tucker

 

Exercises

2.)   Create one or more rules necessary for both the internal and external firewalls to allow a rmeote user to access an internal machine from the Internet using the Timbuktu software (research the ports used by this software).

Rule #

Src Addr

Src Port

Dest Addr

Dest Port

Action

1

Any

407

Any

407

Allow

 

4.     Using the Internet, determine what applications are commercially available to enable secure remote access to a PC.

Teamviewer – has a free version that allows users to connect to remote desktops using a shared security code.

Windows Remote Desktop – part of Windows [10] Pro, allows secure connection to other Windows desktops.

RemotePC (by IDrive) – functions similar to TeamViewer, but is based on a paid subscription model.

LogMeInRemote – developed by LogMeIn, allows secure remote access to a user’s desktop.

 

Case Exercises-Discussion Questions

1.)   What questions do you think Kelvin should have included on his slide to start the discussion?

 

I think Kelvin should include such questions as:

·        Should we bastion hosts, or the more expensive and complicated but also more comprehensive screened subnet with proxy servers?

·        Should we go with the more economical plan proposed by Costly & Firehouse, or should we go with their recommendation to implement the more expensive plan?

·        What’s the projected implementation time for each of the plans?

2.)   If the questions were broken down into two categories, they would be cost versus maintaining high security while keeping flexibility.  Which is more important for SLS?

I think that high security is more important for SLS, because they recently had a breach, and implementing a security system is going to be a signifcant cost either way.  I think that implementing the more expensive solution now would prevent SLS from needing to upgrade their system later, potentially saving them some money in the long run.

 

Case Exercises-Ethical Decision Making

I definitely think it is unethical to produce a consulting report that steers a client towards a specific outcome.  I think that consulting firms should be ethical and provide the best reports they can, regardless of financial gain—however, this is often not the case. 

If the firm truthfully recommended the more expensive solution and SLS decided on the less expensive solution solely to reduce costs, I think that it would be ethically sound for the firm to urge SLS to reconsider their decision, as it could have significant ramifications on the security of SLS client data.  Also, if SLS chose the less expensive option and it was breached, they would end up paying more money in the long run anyway.