___________________________________________________________________________

Network GuardiansNSA Capstone

Project Charter______________________________________________________________________________

Prepared By: [Joseph Douglas, Randolph Gallegos, Charles Spencer]Date of Publication: [12/17/14]

Revision History

Version Date Author(s) Revision Notes

1.0 12/17/14 (Joseph Douglas) (Project Objectives and Scope)2.0 1/15/15 Joseph C Douglas,

Charles Spencer, Randolph Gallegos

Newly Acquired information added

3.0 3/4/15 Joseph C DouglasCharles Spencer

Randolph GallegosGeneral Updates

1

Table of ContentsPROJECT DESCRIPTION.........................................................................................................................................4

PROJECT OBJECTIVES...........................................................................................................................................4

PROJECT SCOPE.......................................................................................................................................................4

IN SCOPE:...................................................................................................................................................................4

OUT OF SCOPE:..........................................................................................................................................................5

DELIVERABLES PRODUCED:.......................................................................................................................................5

STAKEHOLDERS:.........................................................................................................................................................5

REQUIREMENTS:.......................................................................................................................................................6ACCEPTANCE CRITERIA:PROJECT ESTIMATED EFFORT/COST/DURATION.........................................6

ESTIMATED COST:......................................................................................................................................................7

ESTIMATED EFFORT HOURS:.....................................................................................................................................7

ESTIMATED DURATION:..............................................................................................................................................7

PROJECT ASSUMPTIONS.......................................................................................................................................8

PROJECT RISKS........................................................................................................................................................8

PROJECT CONSTRAINTS........................................................................................................................................8

PROJECT DEPENDENCIES.....................................................................................................................................8

PROJECT APPROACH..............................................................................................................................................8

PROJECT ORGANIZATION………………………………………………………………………………………...8

COMMUNICATION PLAN:………………………………………………………………………………………….8

PROJECT GUIDELINES:...........................................................................................................................................9PROJECT APPROVALS............................................................................................................................................9

Risk Management Plan……………………………………………………………………10-13Quality Management Plan………………………………………………………………...14-16Change Management Plan………………………………………………………………..17-21Work Breakdown Structure………………………………………………………………22-26Nature's Best Active Directory…………………………………………………………..27-28Project Gantt chart………………………………………………………………………...29-35Budget & Billed Material Costs…………………………………………….................................37- 41Retail Store's Network Schematic……………………………………………………………………………..42-44Corporate Headquarters Network Schematic………………………………………………………………..45-46

2

Security Policy Workstations & Domains……………………………………………………………………..46-53

Server Security Policy…………………………………………………………………………………………..54-60

Disaster and Recovery Policy………………………………………………………………………………….61-67

Client Configuration……………………………………………………………………………………………..68-69

Test Plan…………………………………………………………………………………………………………70-71

Back up Policy…………………………………………………………………………………………………..72-75

System Lockdown………………………………………………………………………………………………76-79

Computer Training Policy………………………………………………………………………………………80-82

Mobile Computer Policy………………………………………………………………………………………..83-88

Hardware Description………………………………………………………………………………………….88-100

Software Description…………………………………………………………………………………………101-104

Conclusion………………………………………………………………………………………………………….105

3

Project Description

Our purpose is to provide high quality network and hardware solutions for Nature’s best. First thing we will do is provide a budget plan for the labor and materials for the project. Next we will be setting up the hardware and software in the main headquarters which will include the cabling, workstations, servers and the call center. We will then move onto the four branches, each branch will be set up the same way with a file/print server, two high speed network printers/copiers/scanners, fax machine, voice messaging and ten workstations. The design should ensure sufficient system capability and capacity to provide a centralized solution and provide a proportionate network infrastructure which will provide a data storage solution for the branch offices. All client information and services will be hosted at the Brea office central headquarters.

Project Objectives Network Guardians objective is to provide state of the art IT Equipment and solutions to our clients to ensure a cost effective network infrastructure and meet the requested timeline of the engineered design for the company. Also help meet the company expectation for expansion. Each retail store personnel will have one administrator, two to four cashiers and four to five stockers. While the headquarters will house a president, officers, receptionist, IT department and 75 warehouseman and the call center will have 20 agents and one to two supervisors. We will implement hosting for data communications and data storage within the Brea Headquarters with consideration for growth expectations within each retail outlet.

This project will meet the following objectives: Improved Network Capability

Improved Network Infrastructure for High Speed/low bottleneck chances Backup & Recovery Plan/ Business Continuity plan All hardware and software will adhere to laws, regulations and codes Implement Voice-to-Pick System for improved picking rate and speed. Implement (WMS) software to improve overall Warehouse Performance & Productivity Design for Growth Expectation

Project Scope The scope of this project includes and excludes the following items:

In Scope: Implement a Security, Disaster Recovery, and Risk Analysis compliant by the PCI-DSS. Setup

network infrastructure and connectivity for each retail store. Provide off-site storage solution for backups and easy data access back to the retail branches.

Modernize IT Hardware & Software.

4

Ensure sufficient system capability and capacity for all 4 retail locations to provide centralized solution for data storage and management.

Training of current IT staff to maintain the newly implement network

Implement call center in the Brea California Headquarters.

Out of Scope: Design of new conveyer belt

Removal of obsolete equipment & Software

Responsibility of Physical security of Headquarters and (4) retail store buildings

Major Deliverables Produced: Finalize Charter with approval

Finalize Network Layout with approval

Complete testing of Hardware & Software with no failures

Finalize implementation of the Network Infrastructure & Go live

Stakeholders: The impact of this project on other organizations needs to be determined to ensure that the right people and functional areas are involved and communication is directed appropriately.

Stakeholder How Are They Affected, orHow Are They Participating?

Internet Service Providers Ensure there is enough Bandwidth to accommodate the network

Network System Administrator Over sees the network services and maintenance is working properly.

IT Department Responsible for monitoring the network infrastructure.

Employees Will be using the workstations to process orders and use the Network services.

5

Supervisors Oversees function of the Warehouse are met and supervise employment

Truck Drivers Responsible for shipping orders to retail stores in a timely manner

Call agents Responsible for Customer service inquiries

Food Manufactures Manufacturer of food products to the Company

Back Haul Contractors Provides backhaul loads for Truck Drivers

Requirements: Access for employees and faculty personnel to network services. Implement fully functional servers that host banking software that track clients, demographics,

accounts, and statement information that also hosts business management applications for accounting, HR, and other asset- management tools and also provide necessary network services for Active Directory, DNS, and DHCP, and online ordering.

VoIP Phone service (Cisco) Voice messaging with forwarding services Network devices for LAN and Wan connection (router, firewall, switch etc.) Portable scanning devices to update shelf/stock inventory Implement 10 workstations at each retail store. Design for expansion

Acceptance Criteria: Requirement will be first drafted and viewed by Senior IT management that all requirements are

met for Nature’s Best Corporation to implement the network infrastructure. Once approved by Senior IT network Administrator that all requirements are met we will escalate

to the Owner(s) of Nature Best for final approval.

6

Project Estimated Effort/Cost/DurationEstimated Cost: $587,474.75

Estimated Effort Hours: 2500 Hours

Estimated Duration: 3 Months and 12 days

MilestoneProjected

Completion Date

Deliverable(s) Completed

Project Planning 12/17/14 Project Charter Schedule

WBS Dictionary, WBS Diagram 1/7/15 Provide work WBS WBS Tree Structure

Budget Bill 1/14/15 Estimated Cost Hardware/Software/Labor

Quality & Change Plans 1/21/15 Create Quality & Change Plans

Risk Management Plan 1/28/15 Create Risk ManagementDesign Network Infrastructure 1/28/15 Blueprint of NetworkFinal review of approval by Nature’s Best President

2/1/15 Approval to implement Network Design

Start work cabling of buildings 2/15/15 Interior wall cabling of Cat6Servers installed and tested 2/20/15 Installed servers and

working with no failuresWorkstations installed and tested 3/1/15 Printers, workstations, and

stations working properly and on appropriate network segments

Hand over system to client/Go Live 3/5/15 Train IT on the system/Go Live

7

Project Assumptions Certain assumptions and premises need to be made to identify and estimate the required tasks and timing for the project. Based on the current knowledge today, the project assumptions are listed below. If an assumption is invalidated at a later date, then the activities and estimates in the project plan should be adjusted accordingly.

Initial configuration and updates may cause a delay

Delays due to initial hardware/software upgrades

Assuming that we will be doing this when the company is down for implementation stage

Project Risks Project risks are characteristics, circumstances, or features of the project environment that may have an adverse effect on the project or the quality of its deliverables. Known risks identified with this project have been included below. A plan will be put into place to minimize or eliminate the impact of each risk to the project. The specifics of each risk area are outlined in the Risk Management Plan.

Risk Area Level (H/M/L) Risk Plan

1. Communications Breakdown M Make sure everyone knows and understands their duties.

2. Over Budget of project L Stay cost efficient for the project3. Hacked H Secure networks and firewalls4. Employee turnover (Project Member) M Have confidence in yourself and other members

in your project.5. Parts on Back order M Inform client, Review timelines, Change

documentation6. Employees getting sick L Reshuffle work schedule with employees to

complete the task.7. Natural Disaster M Evaluate the situation / Brainstorm a solution

Project ConstraintsThe project manager should be aware of constraints because they refer to limitations that the project must execute within.

Budget

Date Deadlines

Server Room Access

Hardware/Software Limitations

Time

8

Project Dependencies Project Date Due Deliverable DependencyBudget 2/1/15 Approval for Budget from Nature’s Best

Company Owner(s)Meet Project Deadline 3/4/15 Meet Deadline to ensure company

needs are met.

Project Approach Initiation Planning Installation Implement Hardware Implement Software Testing Hardware/Software Finalize Go Live

Project Organization An appropriate project organization structure is essential to achieve success. The following list depicts the proposed organization:

Project Sponsor: Mr. HaleProject Manager: Joseph C. Douglas (Financial Advisor)

Project Member: Charles Spencer (IT Technician, Technical Advisor)

Project Member: Randolph Gallegos (Head IT Technician, Technical Writer)

Project Member: N/A

Communication Plan: Have meetings on project progress once a week Progress meetings outside of class,LRC optional meeting location Communicate via email, in-class, phone Share files via flash drives

Team Contact Information

Joseph C Douglas jd@gmail.comRandolph Gallegos Randy@gmail.comCharles Spencer Spencer@gmail.com

9

Project Guidelines: Complete all tasks with Quality Complete all task on time Communication on all levels

Project Approval

______________________________________ ___________________Project Sponsor — [insert name] Date

______________________________________ ___________________Project Manager – [insert name] Date

______________________________________ ___________________Project Member — [insert name] Date

______________________________________ ___________________Project Member — [insert name] Date

______________________________________ ___________________Project Member — [insert name] Date

______________________________________ ___________________Project Member — [insert name] Date

10

RISK MANAGEMENT PLANBy Charles Spencer

11

Table of Contents

Purpose and Scope 2

Risk Plan Objectives 2

Deliverables Produced 2

Deliverables 1 2

Deliverables 2 2

Deliverables 3 2

Project Risks 3

Risk 1 3

Risk 2 3

Risk 3 3

Disaster Recovery Plan 3

Types of Teams 3

In Event of a Disaster 3

Recovery Scenarios 3

Recovery Activities 3

12

Purpose and ScopeThe purpose of this is to address multiple areas of concern from the User Domain and

the Work Station Domain to Disaster Recovery. To identify the risks we look at the User Domain. The risks here are a User opens an email with a virus and it affects the system or maybe he tries to mess with certain areas of the network where he has no knowledge. To mitigate and prevent this employee’s should only be able to open work related emails from a work email, meaning no personal email access.

Risk Plan ObjectivesObjective 1: Describe what Unisys Stealth can do for the company

Objective 2: Show our concern with risks to your system and Mitigate or Prevent

Objective 3: Give a sound Disaster Recovery Plan for the Company

Deliverables ProducedDeliverables 1: For the security side, I would like to introduce Unisys Stealth. This is a company and a program that when active it hides your network from any and all outside access. It also has a Disaster Recovery option where all your information is stored in a cloud like server and in the event of a Disaster that causes or destroys any of your building, you can quickly set up that buildings information in a new area anywhere you need to or are able to

Deliverables 2: Mitigation or Prevention of all most all risks to the User and Work station Domains.

Deliverables 3: A sound Disaster Recovery Plan and The ability to relocate when needed

13

Project RisksRisk 1: Risks to the User Domain can cause problems with the network and/or allow hackers to get into your systems and cause damage or steal information. A user opens an email from yahoo or Gmail and that email has a virus attach to it. An out of date virus scanner may not detect threat and it infects your system. I offer Unisys Stealth and Bit defender. Unisys protects your system from outside threats and creates a sound disaster recovery plan and Bit defender will scan all outside and inside emails for virus and erase them before infection

Risk 2: Work Station Domain’s software has to remain up to date at all times. In today’s world only an up to date virus scanner can detect virus and prevent them from getting into your system. Bit Defender is a good prevention tool to use for your work stations and will stop if not prevent access of worms or virus’s

Risk 3: Disaster Recovery will help the company when something unexpected happens and no time was given. Unisys Stealth steps in and helps with the recovery by giving you the ability to relocate your building anywhere that’s safe or even further.

Disaster Recovery PlanTypes of Teams: IT Admin and Unisys Stealth Hardware

In Event of a Disaster: IT Admin from another area will log into the Unisys information and within that day have relocated the company buildings information into a new area

Recovery Scenarios:

Minor Damage Scenario – In case of minor damage, such as fired cables or damage to hardware

Action Plan – Replace Damage component

Major Damage Scenario – For Major damage such as fire to the server room or a breach in the system

Action Plan – Unisys Covers any major damage scenario with back up to the cloud and the ability relocate that information to anywhere else within that day, this type is covered

Recovery Activities: IT Admin logs into the Unisys Stealth and recovers the information and relocates it to where ever else they may need

14

Quality Management PlanBy Joseph C Douglas

15

Purpose and Scope

The purpose of the plan is to set forth a coordinated approach to addressing the quality assessment and process improvement within the project scopes and goals for Nature’s Best New Network Infrastructure. The scope is to ensure quality Hardware & Software along with testing of proper implementation of the product.

Quality Plan Objectives

All hardware and software will adhere to laws, regulations and codes. Monitoring the quality work of the project. Staying committed to the Quality Assurance of the project. Develop an effective plan and processes, including quality assurance and quality control

procedures, to achieve objectives.Deliverables Produced

To implement at each retail store One file/print server Two high-speed network printers/copiers/scanners Fax machine Voice messaging with forwarding services Ten workstations at each location Network devices that support the LAN and WAN connection—router, firewall, switch and Cisco VoIP phone service.

The corporate headquarters will have an application server hosting banking software installed to track all clients, demographics, accounts, and statement information A separate server that hosts business management applications, such as accounting, HR, and other asset-management tools A separate server that provides necessary network services, such as Active Directory, DNS, and DHCP A Web server(s) for online ordering network connection—router, firewall, switch Email service provided by an external provider and accessible via email client software and/or Web access One file/print server. Three network printers/copiers/scanners Cisco VoIP phone service.

Identify Metrics:

Define test and quality objectives for the project. Monitor progress towards the goals that are set. Will monitor time spent on fixing error and defects during user acceptance tests, defects

found in production after implementation.

16

Test Checklist:

Perform independent technical review, management oversight, and verification to ensure that quality objectives are met.

Check performance and Customer Quality Objectives performance measures thresholds to verify that performance will accomplish Quality Objectives and to verify sufficiency of the plan. Share findings with all project stakeholders to facilitate continuous improvement.

Results:

Improved Network Capabilities. Improved Network Infrastructure for High Speed/low bottleneck chances. Overall Quality Assurance and Objectives met.

17

Change Management PlanBy Joseph C Douglas

18

Purpose

The purpose of the change management plan is to communicate any changes that need to

occur during the entire project. This plan will show how Network Guardians will ensure for a

seamless and beneficial change.

The Goals of Network Guardians plan is:

1. The project is changed to fit the scope of the project.

2. To make sure that changes are followed approved, documented and implemented.

3. To ensure the change is necessary and reasonable.

4. Changes are communicated to all parties.

Responsibilities for the change management plan:

1. Network Guardians is responsible to generate the change management plan.

2. The change management plan will be implemented into the project plan.

3. Make sure that there is enough founding for the change and obtain approval to

implement the change.

4. Network Guardians is responsible for the completion of the change management

plan in the time estimated.

5. The change management plans will be approved by Nature’s best and

communication of the implementation of the plan.

19

Change management Frame

The project manager Joseph Douglas will have the responsibility of allocating the

execution of the change management plan. Joseph will also be the one who is in charge of the

communication of the plan and will be in charge of making sure the change management plan

will stay on course as according to the scope of the project. These steps will take place in order to

complete the task:

1. Recognize the change needed to be made and log the request for change.

2. Assess the change, inspect the change to the project plan, and allocate the work

needed to be done and the estimated time of the change to the project plan.

3. Ascertain the risk of the change and how the impact is going to change the project

plan.

4. Collect the change approval from Nature’s best. This will consist of possibly

negotiations of the plan in parts, scheduling and communicate all changes to all

parties.

5. Implement the change into the project plan. Will stay on site throughout the

project to make sure that the team stay’s within the scope of the new changed

plan.

20

Change Management Scope

The scope to the change management will be followed to manage the project scope. The

details of change management, allocates responsibilities and will tell the team what needs to be

done, tools possibly needed, equipment possibly needed, and the documentation of all parts to the

change including the schedule. In short, the processes for this change management scope are:

1. Communicate with stakeholders about changes needed and document the wants

needs and constraints of the stakeholders.

2. Change the needs into high-priority requirements to equipment; make sure that the

new high-priority requirements to gain a better network.

3. Check with stakeholders when the change has been identified.

4. Verify the change is the change has been made and communicate that with the

stakeholders throughout the different parts of the project. Make sure that the end

product matches the scope of the plan and meets up to code.

5. Follow the process of the change management plan to manage modification’s and

additions to the plan, will stay on schedule

21

Schedule Change Plan

In the documentation of the change management plan, the changes that need to be made

to the plan that might change plan’s schedule will be specified.

Cost management of the change plan

The cost for the change management plan will be specified in the documentation of the

plan. The change cost will be specified, and what conditions need to be made will also be

specified. If the projected cost of the change doesn’t meet the needs for the project plan

negotiations will be documented.

22

(WBS)By Joseph C Douglas

23

1.0 Nature’s Best Project

1.1 Initiation

1.2 Recommendations 1.3 Develop Charter1.4 Submit Charter1.5 Sponsor Reviews Charter1.6 Charter Signed/Approved

2.0 Planning2.1 Create Scope Statement2.2 Determine Project Team2.3 Team Plan Meeting2.4 Implement Project Plan2.5 Submit Project Plan2.6 Project Plan Approval

3.0 Installation3.1 Installation Planning3.2 Installation Development System3.3 Installation of live system3.4 Test all installation

4.0 Hardware4.1 Hardware Requirements4.2 Hardware Testing4.3 Validate User Requirements4.4 User Training

5.0 Software5.1 Software Requirements5.2 Software Testing5.3 User Training

6.0 Project Management6.1 Planning6.2 Budget6.3 Meetings6.4 Risk Management6.5 Update Project Management Plan

7.0 Finalize 7.1 Update files/Records7.2 Document Lessons learned7.3 Audit Procurement

24

7.4 Gain Formal Acceptance

Dictionary

Level WBS Code WBS Code Definitions

1 1.0 Nature’s Best Project

Plan and Design a Network Foundation for Nature’s Best Headquarters.

2 1.1 Initiation The work to Initiate the Project.3 1.2 Recommendations Working Group to make a solution and

Recommendations for the project.3 1.3 Develop Charter Project Manager Implements a Project Charter.3 1.4 Submit Charter Project charter is given to the sponsor.3 1.5 Sponsor Reviews

CharterProject Sponsor Evaluates the charter.

3 1.6 Charter signed & approved

Project Sponsor signs the charter to forward authorization for the planning process.

2 2.0 Planning The work for the planning process of the project.3 2.1 Create Scope

StatementProject Manager to create a scope statement.

3 2.2 Determine Project Team

Project Manager Determines the team and resources needed for the project.

3 2.3 Team Plan Meeting

Meeting for the Project plan with members working on the project.

3 2.4 Implement Project Plan

Project Manager directs and team develops the project plan.

3 2.5 Submit Project Plan

Project plan gets submitted for approval by the Project Manager.

3 2.6 Project Plan Approval

Plan is approved and Project Manager can proceed to implement the project plan.

2 3.0 Installation Installation for Modern IT Hardware and Software3 3.1 Installation

PlanningPlan start date and end date of installation

3 3.2 Installation Development

System

Installation of development system for testing and customizing of user interfaces.

3 3.3 Installation of Live System

Actual system is installed and configured

3 3.4 Test all Installation

Tests done to ensure proper functions of installation

2 4.0 Hardware Computer, Printers, cabling, phones, computer hardware for project.

25

3 4.1 Hardware Requirements

Required hardware for project according to budget and topology used.

3 4.2 Hardware Testing Tests done for quality of installation.3 4.3 Validate User

RequirementsOriginal user requirements are reviewed and validated with the users.

3 4.4 Users Training All users will receive training class on new hardware.

2 5.0 Software Programs and applications for the computers, workstations etc.

3 5.1 Software Requirements

Required software for project according to budget and topology used.

3 5.2 Software Testing Test done for quality of installation.3 5.3 User Training All users will receive training on new software.2 6.0 Project

ManagementOverall Management of the project.

3 6.1 Planning Overall Plan to implement the project.3 6.2 Budget Maintain a cost efficient budget for the bid.3 6.3 Meetings Manager and project members group to discuss

project issues and goals for success.3 6.4 Risk Management Risk management efforts to avoid any unacceptable

risks or failures.3 6.5 Update Project

ManagementUpdates on the project as it progress.

2 7.0 Finalize The work to finish the project.3 7.1 Update files &

RecordsFiles and records are update to reflect the Nature’s best network infrastructure and design.

3 7.2 Document Lessons learned

Manager and project members document lesson learned for throughout the project.

3 7.3 Audit Procurement

Audit for all hardware and software procured for the project, to be sure that all procured products is accounted for in the project.

3 7.4 Gain Formal Acceptance

Project Sponsor accepts and signs the acceptance document included in the project plan.

26

27

Nature’s Best Active DirectoryBy Joseph C Douglas

28

29

Project Gantt chartBy Charles Spencer

30

Task Name Duration Start Finish Predecessors Resource Names

Project START 56 days? Wed 12/10/14

Wed 2/25/15

WEEK 1 6 days Wed 12/10/14 Wed 12/17/14

Team Meeting 1 day Wed 12/10/14 Wed 12/10/14

Joseph Douglas,Ernest Dalusong,Charles Spencer,Randolph Gallegos

Logo 1 day Wed 1/7/15 Wed 1/7/15 Randolph Gallegos

Team Roles 1 day Wed 12/10/14 Wed 12/10/14

Ernest Dalusong,Joseph Douglas,Charles Spencer,Randolph Gallegos

Analyze Protect 5 days Wed 12/10/14 Tue 12/16/14

Ernest Dalusong,Charles Spencer,Joseph Douglas,Randolph Gallegos

Assign Tasks 5 days Wed 12/10/14 Tue 12/16/14

Research 5 days? Wed 12/10/14 Tue 12/16/14

Ernest Dalusong,Charles Spencer,Joseph Douglas,Randolph Gallegos

In/Out Scope 0.25 days Wed 12/17/14 Wed 12/17/14

Equipment Removal 0.25 days Wed 12/17/14 Wed 12/17/14

Charles Spencer,Ernest Dalusong,Joseph Douglas,Randolph Gallegos

New Conveyer 0.25 days Wed 12/17/14 Wed 12/17/14

Charles Spencer,Ernest Dalusong,Joseph Douglas,Randolph Gallegos

WEEK 2 6 days Wed 12/17/14 Wed 12/24/14

Network Topology Discussion 3 days Wed 12/17/14 Fri 12/19/14

Joseph Douglas,Ernest Dalusong

Project Charter Develirables 3 days Wed 12/17/14 Fri 12/19/14 Joseph Douglas Cost Analysis- Hardware 3 days Wed 12/17/14 Fri 12/19/14 Randolph Gallegos Cost Analysis- Software 3 days Wed 12/17/14 Fri 12/19/14 Ernest Dalusong Unysis Stealth Security 3 days Wed 12/17/14 Fri 12/19/14 Charles Spencer Design Phase 3 days Wed 12/17/14 Fri 12/19/14 Retail Outlets 3 days Wed 12/17/14 Fri 12/19/14 BackHauling Freight 3 days Wed 12/17/14 Fri 12/19/14

31

Handheld Scanners 3 days Wed 12/17/14 Fri 12/19/14 WEEK 3 6 days Wed 1/7/15 Wed 1/14/15

Journal 1 day Wed 1/7/15 Wed 1/7/15

Ernest Dalusong,Charles Spencer,Joseph Douglas,Randolph Gallegos

WBS and WBS Dictionary 1 day? Wed 1/7/15 Wed 1/7/15 Joseph Douglas Project Management Plan 1 day? Wed 1/7/15 Wed 1/7/15 Design a Product Charter 1 day? Wed 1/7/15 Wed 1/7/15 Identify Scope 1 day? Wed 1/7/15 Wed 1/7/15 Preliminary Schedule 1 day? Wed 1/7/15 Wed 1/7/15 Ernest Dalusong WEEK 4 5 days Wed 1/14/15 Tue 1/20/15 Team Journal 1 day? Wed 1/14/15 Wed 1/14/15 Journal 1 day? Wed 1/14/15 Wed 1/14/15 Hardware / Software Documentation 1 day Wed 1/14/15 Wed 1/14/15

Budget 1 day? Wed 1/14/15 Wed 1/14/15 Research on Retail, Warehouse, Transportation problems

1 day? Wed 1/14/15 Wed 1/14/15

WEEK 5 6 days Wed 1/21/15 Wed 1/28/15 Team Journal 1 day Wed 1/21/15 Wed 1/21/15 Journal 1 day Wed 1/21/15 Wed 1/21/15 Change Management Plan 1 day Wed 1/21/15 Wed 1/21/15 Quality Plan 1 day Wed 1/21/15 Wed 1/21/15 WEEK 6 6 days Wed 1/28/15 Wed 2/4/15 29 Team Journal 1 day? Wed 1/28/15 Wed 1/28/15 Journal 1 day? Wed 1/28/15 Wed 1/28/15 50% Power Point 5 days? Wed 1/28/15 Tue 2/3/15 Network Infrastucture Configuration Draft 5 days? Wed 1/28/15 Tue 2/3/15

Active Directory Draft 5 days? Wed 1/28/15 Tue 2/3/15 Risk Management Plan 5 days? Wed 1/28/15 Tue 2/3/15 Network Schematic Draft 5 days? Wed 1/28/15 Tue 2/3/15 Server Configuration Draft 5 days? Wed 1/28/15 Tue 2/3/15 WEEK 7 5 days? Wed 2/4/15 Tue 2/10/15 35 Team Journal 5 days? Wed 2/4/15 Tue 2/17/15 Journal 5 days? Wed 2/4/15 Tue 2/17/15 Researchs on Firewalls 5 days? Wed 2/4/15 Tue 2/10/15 Week 8 5 days? Wed 2/11/15 Tue 2/17/15 49 Team Journal 5 days? Wed 2/11/15 Tue 2/17/15 Journal 1 day? Wed 2/11/15 Wed 2/11/15 Client Configuration Draft 1 day? Wed 2/11/15 Wed 2/11/15 Week 9 1 day? Wed 2/18/15 Wed 2/18/15 Team Journal 1 day? Wed 2/18/15 Wed 2/18/15 Journal 1 day? Wed 2/18/15 Wed 2/18/15 Week 10 1 day? Wed 2/25/15 Wed 2/25/15 Team Journal 1 day? Wed 2/25/15 Wed 2/25/15 Journal 1 day? Wed 2/25/15 Wed 2/25/15 Server Configuration Final 1 day? Wed 2/25/15 Wed 2/25/15 Client Configuration Final 1 day? Wed 2/25/15 Wed 2/25/15 95% Presentation 1 day? Wed 2/25/15 Wed 2/25/15 Network Infrastructure Configuration Final 1 day? Wed 2/25/15 Wed 2/25/15

Active Directory Final 1 day? Wed 2/25/15 Wed 2/25/15 Implementation Demo 1 day? Wed 2/25/15 Wed 2/25/15 Network Schematic Final 1 day? Wed 2/25/15 Wed 2/25/15

32

33

34

35

36

Budget & Billed Material CostsBy Joseph C Douglas & Randolph Gallegos

37

Hardware CostServers Quantity Individual Cost Sales Tax 8.25% Total Q CostBarracuda 840 Load Balancer ADC 1 $64,407.99 $69,721.65 $69,721.65Nfina 328i4 Dual Proccessor 300 series 5 $3,907.25 $4,229.60 $21,148Nfina 528i4 Dual Proccessor 500 series 2 $3,367.10 $3,644.88 $7,289.77Web server Power edge T630 1 $1,609.00 $1,741.74 $1,741.74

Printer/Scanners/CopiersHP LaserJet Enterprise 700 M775f CC523A 11 $5,449.99 $5,899.61 $64,895.75WorkstationsHP Z230 Workstation PC 40 $849.99 $920.11 $36,804.56Portable Scanning DevicesIntermec 1552 Sabre 24 $695.00 $752.33 $18,055.22

Network DevicesCisco ASR 1002 - Router 5 $22,074.99 $23.896.17 $119,480.85Cisco Small Business SG200-26P Managed PoE Switch 4 $425.99 $461.13 $1,845.20TrippLite B096-016 16-Port Serial Console Server Management Switch 1 $1,663.99 $1,801.26 $1,801.26

VoIP Phone ServiceVoIP 3CX Phone System (3CXPS16) Server 5 $1,395.00 $1,510.08 $7,550.40Aastra 67531 IP Phone 40 $148.55 $160.80 $6,432

Total $356,766.40

38

Software CostNexorone Banking Software 1 $12,500.00 13,531 $13,531Adobe Acrobat 40 $299.99 $325 $13,000Windows OS 8.1 Pro 40 $132.99 $143.96 $5,758.40BitDefender AntiVirus Plus 2015 40 $89.95 $97.37 $3,894.80Microsoft Offi ce 365 Personnel 40 $69.99 $75.76 $3,030.40VueScan Portalable Scanning Software 24 $39.95 $43.24 $1,123.37

Total $40,337.97

Miscellaneous Hardware CostU Touch POS Registers 16 $1,039.72 $1,133.21 $18,131.36Cat6 cabling boxes 1000ft 15 $119.99 $129.89 $1,948.35Off-Site Data backup service Barracuda Backup 390 Monthly $150.00 $1,800 $1,800Smart Rack 4 post open frame rack 5 $288.95 $312.79 $1,563.95RJ-45 Cat6 Modular Plugs (2 per box) 100 $1.20 $1.30 $1,300J-Hooks w/HOK-24 Clip (100pcs per box) 2 boxes $256.04 $277.16 $554.3248 port patch panel 4 $54.99 $59.52 $238.0896 port patch panel 1 $119.99 $129.89 $129.89TrippLite Wall Mount 2 post open frame rack mount 1 $114.95 $124.43 $124.43

Total $25,790.38

39

Labor & Testing CostLabor & Implementation fees 500/hrs $150.00 P/H $75,000Hardware & Software Testing fees 500/hrs 100.00 P/H $50,000IT Maintenance fees 300/hr $100.00 P/H $30,000Training for IT Staff 70/hrs $75.00 P/H $5,250

Total $160,250

Licensing CostAcademic OPEN 1 Microsoft offi ce 1 licensing 40 $59.99 $64.94 $2,598 Microsoft Single software Assurance 1 licensing 40 $40.00 $43.30 $1,732

Total $4,330

Project Total Cost Grand Total $587,474.75

40

Retail store’s Network SchematicBy Joseph Douglas

41

42

LA Branch Class B AddressSubnet: 172.16.0.0

IP: 172.16.0.1Subnet Mask: 255.255.255.224/27

IP Range: 1-30

NY Branch Class B AddressSubnet: 172.16.1.0

IP: 172.16.1.1Subnet Mask: 255.255.255.224/27

IP Range: 1-30

Seattle Branch Class B AddressSubnet: 172.16.2.0

IP: 172.16.2.1Subnet Mask: 255.255.255.224/27

IP Range: 1-30

Orlando Branch Class B AddressSubnet: 172.16.3.0

IP: 172.16.3.1Subnet Mask: 255.255.255.224/27

IP Range: 1-30

43

Corporate Headquarters Network Schematic

By Joseph Douglas

44

45

Natures Best Security Policy

Workstations & User DomainBy Joseph C Douglas

46

Purpose:

The purpose of these policies is to provide an up to date corporate security plan for the User and Workstation Domains at all of Nature’s best branch offices.

Scope:

This policy will apply to all Nature’s Best employees who have access to their Workstations and User Domain. It will ensure confidentiality, integrity and availability of sensitive information, including protected and personal information is restricted to authorized users only.

47

Common Vulnerabilities

o Lack of awareness or concern for security policyo Intentional malicious activityo Violation of security policyo Unauthorized user accesso Weakness in installed softwareo Malicious software introducedo Social engineering

Threat Targets of the User and Workstation Domains

o PC’S o Smartphoneso Personal Digital Assistants (PDAs)o Application Software (productivity, Web browsing)o Administrative workstationso Servers, network and operating-system softwareo Departmental workstations

48

User Domain & Workstation Policy

o Implement an acceptable security policy.o Apply awareness training on the policies.o Establish unique logon credentials for users that require a strong

password.o Grant only user privileges to that users required tasks.o Enable password protection for workstationso Conduct a second-level test to verify a user’s access.o Automatic antivirus scans for inserted CDs, DVDs, and USB

drives that have files at all workstations.o Content filtering and scanning for virus at internet entry and exit

points.o Have workstation domain vulnerability tests to find gaps

49

Continued….

o Minimize write/delete permissions to the data owner only.o Disable internal CD drives and USB ports.o Enable automatic antivirus scans for media drives, files and e-

mail attachments.o Enable content filtering for antivirus scanning of email

attachments.o Track and monitor abnormal employee behavior.o Updates on application software and security patches.o Antivirus and malicious scans that update workstations with

proper protection.o Enable workstations auto-scans for all new files and automatic

file quarantine for unknown files.

50

VoIP & SIP Security policy and administration.

o Before dial tone users must prove their identity.o Only minimum functions and features will be used on all IP

phones with specific phone extensions.o PIN numbers or Password will be required before granting dial

tone of IP phones.o Long distances calls will require a valid code or permission from

It Management.o Encryption (VPN,SSH,HTTPS etc.) will be used for remote

access and management to call servers and VoIPo Call- Detail recordings for periodic auditing of users extensions,

inbound or outbound dialing, and toll calls.

51

Miscellaneous

o All N.B.-owned workstations, whether on the N.B. domain or not, must have a centrally-managed N.B. administrative group required for the Information Security Function.

o Wireless connections are only to be used on approved portable devices if wireless access is used on a mobile device, then the device must connect to an approved wireless access point.

o The use of insecure protocols such as FTP and Telnet are prohibited

o All server rooms, electrical closets, and locations where any network equipment such as routers, switches, firewalls or servers are housed will be secured and locked at all times.

o All workstations should have an established, documented, and consistently-used backup plan.

52

Enforcement of Policy

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

53

Nature’s Best Server Security Policy

54

Server Security Policy1.0 Premise: Every server administrator must take reasonable security measures to secure their

hosts as outlined by this policy. Computer security is not something that is done once a year, once

a month, or even once a day. It is the frame of mind that there are real threats and that part of the

job includes keeping users, data and transactions safe from these threats.

2.0 Purpose: This policy is for all computer system administrators managing a computer server

connected to a network. The following policies define common sense security practices expected

of all computer server administrators and users.

3.0 Scope: This policy addresses any server connected to a network providing any type of service

to other users.

4.0 Ownership and responsibilities: A server administrator, upon connecting their server to a

network, is responsible for the security of that device in accordance with IT guidelines.

Note: An administrator is held accountable when a compromise occurs. It is also expected that

the administrator will demonstrate reasonable precautions to ensure the security of their hosts.

5.0 Server Policy: As follows.

55

5.1 Location: Servers should be placed in physically secured areas accessible only to authorized

personnel. There is no substitute for physical security. Each Server room will be located next to

each lab and contains the IT essentials for each lab including, servers, racks, cabling and cabinets.

Server rooms should have limited access

• The door will be equipped with a key card system and qualified personnel will have to

swipe their card to enter

• If you card is lost/stolen please call our IT support immediately and they will deactivate

your card

• A new card will be overnighted to you immediately

• If you need the uses of a card today, IT director will have a spare key card on hand for

emergencies

5.2 Services Supported: Administrators should run only services on a server that are needed for

it to complete its designed task. Every service running should be regarded as a mode of entry.

The number of entry points should be limited to only those needed.

Note: The chance that a computer will be compromised is increased with the number of services

being run. Therefore, it is expected that every administrator knows exactly what and why services

are running.

5.3 Security Updates: The latest system patches should be applied regularly.

Note: Security related patches for systems often mean that there has been a successful exploit of

a particular vulnerability. The vulnerability of a system is directly proportional to the age of the

patches. The longer one waits before applying a patch, the more likely it is that it will be

successfully exploited. It is not uncommon to have a three-month-old vulnerability incorporated

into an automated tool that thousands of hackers use. Patching a system is something that should

be done on a regular schedule and immediately if a threat has been reported. At some point, if

patches are not applied in a timely manner, the server could be disconnected from the network

until vulnerabilities have been addressed.

56

5.4 Virus Protection: It is expected that administrators regularly scan all servers with updated

virus detection software.

5.5 Log-on Limits: Administrators should limit log-on retries.

Note: Password guessing applications have a greater probability of cracking a password if given

ample opportunity. For most situations, Information Technology Services recommends account

lockout after three failed log-on attempts.

5.6 Account Reviews: Accounts must be regularly reviewed for inactivity, and any dormant

accounts disabled.

Note: Old accounts should be terminated regularly. When students, faculty, and VIP personnel

leave the school, administrators should have a clear deadline for account termination. Dormant

(unused for more than 60 days) accounts make attractive targets to intruders, since no one will

likely notice the activity.

5.7 Local Accounts: Whenever possible, accounts should be located on and authenticated against

a Kerberos, NTLM, LDAP or Active Directory based infrastructure. Administrators should only

use local accounts when absolutely necessary.

Note: In most cases, local accounts are not scrutinized as closely as directory based accounts and

thus more susceptible to attack by automated tools.

5.8 Privileged Accounts: Special care should be taken with privileged accounts (including but

not limited to "root" for UNIX and "administrator" for NT), commensurate with the privileges

afforded the account. Passwords for privileged accounts should be given only to people with a

need for privileged access. For NT Servers, the "administrator" account should be renamed.

57

Note: Failing to change the name of the account gives would-be intruders half the equation to

compromising the server. All privileged server accounts should be password protected.

5.9 Password Protection: All accounts must conform to the Password Policy.

5.10 Service Banners: Wherever feasible, a log-on banner, stating that the system is for

authorized use only, should be displayed for anyone attempting to connect to the system.

Note: If possible, log-on restrictions (by time of day, by system address, etc.) should be

implemented. All operating system, version/release numbers, and vendor information provided in

log-on/sign-on banners should be limited or disabled. Providing this information makes attacks

easier by allowing intruders to pinpoint hosts with known security vulnerabilities.

5.11 Backups: Information Technology Services encourages server administrators to maintain

backups on all servers for 30 days.

Note: In the event of a security breach backups are important to track down when changes

occurred and which files were modified. Backups are also important to restore a server to its

configuration before the intrusion occurred (i.e. no code is present which was inserted during the

intrusion).

5.12 Server Logs: Logs of user activity must be retained for a period of time.

Note: IT recommends that these logs be kept for at least six months. Logs should include (where

feasible) the time and date of activities, the user ID, commands (and command arguments)

executed, ID of either the local terminal or remote computer initiating the connection, associated

system job or process number, and error conditions (failed/rejected attempts, failures in

consistency checks, etc.). Logs should be checked for signs of malicious activity on a regular

daily or weekly basis. Knowledge that logs are kept, acts as a deterrent to abuse. Logs are also

essential in investigating incidents after the fact. Many attempted break-ins can be detected early,

and sometimes prevented by early detection of unusual activity.

58

5.13 Sensitive Information: Nature’s Best of Information Technology Services must be made

aware of any server that contains sensitive data. This includes but is not limited to social security

number, credit card numbers, grades and other personal data.

Note: Extra precaution must be taken with systems containing sensitive data.

5.14 Remote Administration: In order for a vendor or consultant to gain access to a server from

off campus, they must be assigned a VPN account. The system administrator is responsible for

registering the vendor or consultant before the VPN can be assigned. In addition, that vendor or

consultant may be required to sign a non-disclosure agreement before gaining access to a server.

Note: Many servers require administration by outside vendors or consultants. In these cases, it is

preferred that this outside access be obtained by using a VPN account. The account allows for

secure remote access to the server. In the case on Windows servers, Terminal services should be

used through the VPN connection to administer the server. UNIX, Linux or Mac servers should

use SSH.

6.0 Incident Response: AS Follows.

6.1 Response Procedure: A server administrator must read and understand the Natures Best

Incident Response Policy.

1. The server will be analyzed by Information Technology Services and the server

administrator to attempt to determine the method by which the server was compromised.

2. If it has been determined that the server was compromised then the server's system

volume will be reformatted. The operating system will be reinstalled with the latest

security patches.

3. The server must pass a security scan before being reconnected to the network.

6.2 Incident Confidentiality: Information regarding security incidents will be kept confidential

by all parties involved. Only authorized personnel may disclose such information.

59

7.0 Compliance: Natures Best Information of Technology Services reserves the right to scan

systems for known vulnerabilities. When vulnerabilities are discovered, it is expected that

administrators will immediately act to close all known security vulnerabilities for which there are

reasonable methods to close such vulnerabilities. If the administrator is unable to do this in a

timely fashion, it is expected that they will remove the server from the network to protect other

systems.

8.0 Enforcement: All servers should be registered with Natures Best Information of Technology

Services.

Note: All server administrators must notify Nature’s Best Information of Technology Services of

servers running in their department. This registration will require names and phone numbers of

people to call in emergency situations including contact information during class breaks. When

security related issues arise and this information is not available, there may be no choice other

than to disconnect a server without notice. Natures Best Information of Technology Services

must be notified upon discovery of any system breach or suspected system breach. Natures Best

Information of Technology Services reserves the right to disconnect any server which poses a

threat to a school network. Any server not following the above procedures will be considered

unsafe, and as such poses a threat to the Company’s network and other systems.

60

Nature’s Best Disaster and Recovery Policy

61

This document delineates the policies and procedures for an Information Technology

Disaster Recovery Plan (referred to as “IT Disaster Recovery Plan”), as well as our process-level

plans for recovering critical technology platforms and the telecommunications infrastructure.

This document summarizes our recommended procedures. In the event of an actual emergency

situation, modifications to this document may be made to ensure physical safety of people,

systems, and data.

Our mission is to ensure information system operation, data integrity and availability, and

business continuity. All IT disaster recovery-planning procedures and recovery solutions should

be consistent with and support Local and State security policies. IT Disaster Recovery solutions

should offer the same level of security as the normal operating procedure so that sensitive data is

not compromised or disclosed.

Because IT resources are critical to Nature’s Best success, it is essential that the services

provided are able to operate effectively without excessive interruption. The IT Disaster Recovery

Planning Guidelines contained in this section support this requirement by establishing a proven

and structured approach to developing IT disaster recovery plans and procedures that enable a

system to be recovered quickly and effectively following a service disruption or disaster.

The purpose of a DRP is to document the recovery strategies and create a road map of

predetermined actions that will reduce required decision-making during a disaster and

systematically provide a documented recovery path. Although the likelihood of a catastrophic

disaster is remote, the devastation and potential loss of the ability to perform services requires

that advance planning occur in order to respond in an effective and responsible manner.

The recovery strategies developed should provide a means to restore IT components quickly and

effectively following a service disruption.

IT Disaster Recovery Plans must document backup procedures. Procedures should specify

backup frequency based on data criticality and the frequency that new data is introduced.

62

Backups should occur daily (at a minimum). Backup procedures should designate the location of

stored data, retrieval procedures, backup test procedures, file-naming conventions, media rotation

frequency, method for transporting data off-site, and a description of off-site storage facility.

Once backup procedures are documented, they should be tested. This test should include

the successful restoration of data. This includes retrieval procedures to obtain off site data.

Testing backup procedures will identify missing files, missing applications, and faulty

procedures. Testing backup procedures also increases the likelihood of discovering procedural

inconsistencies before an emergency, rather than during one. Recovery strategies must consider

damage or destruction of IT systems or unavailability of the primary site. Necessary hardware

and software will need to be acquired and/or activated quickly at the alternate location.

Notification procedures that describe the methods to notify recovery personnel during

business and non-business hours should be developed and documented. These procedures should

also cover events with and without prior notification. Primary and alternate contacts must be

included along with procedures to be followed if an individual cannot be contacted. While this

section lists contacts by team position, an emergency contact list that identifies personnel by the

team position, name, and contact information (e.g., home, work, cell, pager numbers, e-mail

addresses, and home addresses) should be appended to the plan.

The type of information to be communicated to those being notified should also be documented

in the plan.

Recovery activities begin once the plan has been activated and recovery team(s)

mobilized. Recovery phase activities focus on disaster recovery measures to execute temporary

IT processing capabilities, repair damage to the system, and restore operational capabilities at the

original or new facility. Recovery procedures must be documented in sequential format with step-

by-step instructions to restore system components in a logical manner consistent with priorities

identified in the BIA. The procedures should also indicate who is responsible for taking each

action and document any coordination between activities. Because recovery procedures are likely

to change frequently, it is recommended that recovery procedures and supporting exhibits be

maintained as a separate document.

63

Training and awareness programs are essential to a successful IT disaster recovery program.

Personnel with recovery responsibilities should receive training at least annually. New personnel

with plan responsibilities should receive training as soon as possible after they are identified. The

goal of the training is to educate staff to the extent that they are able to execute their respective

recovery procedures without aid of the actual DRP. The following elements should be covered in

the training program:

Purpose of plan

Cross-team coordination and communication requirements

Reporting procedures

Security requirements

Team and phase-specific processes (Notification/Activation, Recovery, and

Reconstitution)

Individual responsibilities in each phase

Plan testing is an essential element of a viable IT disaster recovery capability.

The first benefit of testing the DRP is that it provides an opportunity to train personnel to execute

the plan. Without practice, the key staff may have no idea what their roles are within the DRP.

Secondly, periodic testing is important because it validates the effectiveness of the backup and

recovery procedures. One of the key elements of a successful DRP is the ability of the recovery

team to locate a current copy of the core data to replicate. If the backup and recovery activities

used in the data center are not effective or fail to comply with the requirements of the BIA, a

DRP test will very quickly indicate this shortcoming.

64

The third importance of testing is not that the test succeeds without problems, but that you review

the test results and problems encountered and use these results to update or revise the current

procedures and plans.

Many agencies do not have the resources to performing a full recovery with system

downtime. A total system test is ideal. If a total system test cannot be performed, individual

sections or sub-systems of the DRP may be tested separately in order to confirm the

recoverability of the plan as a whole.

Thorough testing should include the following:

System recovery on an alternate platform from backup media

Coordination among recovery teams

System performance using alternate equipment

Restoration of normal operations

Notification and activation procedures

Test results should be documented, reported to senior management, and kept on file. The IT

Disaster Recovery Plan is a living document and the maintenance of the plan should be included

in the general business plan. It must be updated regularly to remain viable based on the most

current system architecture or environment. Each IT Disaster Recovery Plan must document plan

maintenance procedures and responsibilities. This should include reassessment of the plan at least

annually and a process to update the plan to reflect changes in hardware, software, and personnel.

65

Policy Statement

The Nature’s best comprehensive IT Disaster Recovery Plan shall be reviewed annually.

A risk assessment shall be undertaken periodically to determine the requirements for the

IT Disaster Recovery Plan.

The IT Disaster Recovery Plan should cover all essential and critical infrastructure

elements, systems and networks, in accordance with key educational activities.

The IT Disaster Recovery Plan should be periodically tested in a simulated environment

to ensure that it can be implemented in emergency situations and that the management

and staff understand how it is to be executed.

Staff must be made aware of the IT Disaster Recovery Plan and their own respective

roles.

The IT Disaster Recovery Plan is to be kept up to date to take into account changing

circumstances.

Objectives

The principal objective of the IT Disaster Recovery Plan program is to develop, test and

document a well- structured and easily understood plan which will help Nature’s best recover as

quickly and effectively as possible from an unforeseen disaster or emergency which interrupts

information systems and educational operations. Additional objectives include the following:

The need to ensure that employees fully understand their duties in implementing such a

plan.

The need to ensure that operational policies are adhered to within all planned activities.

The need to ensure that proposed contingency arrangements are cost-effective.

Disaster recovery capabilities are applicable to staff, vendors and others.

66

Prevention

All attempts are made to prevent or limit the impact of a disaster on the information systems

of Nature’s best. Specifically, the following steps have been taken:

All servers are in a centralized and secured, locked location with access limited to

technology staff and selected buildings and grounds staff.

A separate independent cooling system is installed in the server room.

All servers are password protected, with only select administrator level user accounts

given authorization to log on.

Uninterrupted power supplies are installed on all servers and key network equipment.

RAID is used on mission critical servers.

Plan updating It is necessary for the IT Disaster Recovery Plan updating process to be properly structured and

controlled. Whenever changes are made to the plan they are to be fully tested and appropriate

amendments should be made to the training materials. This will involve the use of formalized

change control procedures under the control of the Technology Department.

67

Client Configuration

68

CLIENT CONFIGURATION

For the Client configuration anybody with administration rights will have the opportunity

to change any configuration that they deem necessary.

For basic users, regular students that are using computer lab workstations, they

will need to have authentication first, they will be given the choice to make their

own password which must consist of at least 8 to 16 characters, using Caps and

mixture of special characters and numbers.

Their usernames will have part of their name and student I.D. number to verify

who they are upon logging on the computer lab work stations.

These passwords will have to be case sensitive and students will have to memorize

and not write don’t their password so no one can gain access to their computer lab

workstations.

Same will go for anybody in the Administration level, solely for security purposes.

69

Nature’s Best Test Plan

70

Test Plan

In setting up our network we have been tasked with devising the test plan to ensure the

functionality of the network. This plan documents the strategy in which we will verify and ensure

the network meets the client’s specifications.

Type of Testing

Compatibility Testing

Functional Testing

Stress/Load Testing

Performance/System Testing

Security Testing

Disaster Recovery Testing

User Acceptance Testing

Training Plan

Responsible to train the IT staff, and Administrators.

Making up the schedule for who is training who and how long it’s going to take

Assembling way for all the staff to get help after we leave the school.

71

Back up policy

72

Backup Policy

1.0 Overview

This policy defines the backup policy for computers within the organization which are expected

to have their data backed up. These systems are typically servers but are not necessarily limited to

servers. Servers expected to be backed up include the file server, the mail server, and the web

server.

2.0 Purpose

This policy is designed to protect data in the organization to be sure it is not lost and can be

recovered in the event of an equipment failure, intentional destruction of data, or disaster.

3.0 Scope

This policy applies to all equipment and data owned and operated by the organization.

4.0 Definitions

1.Backup - The saving of files onto magnetic tape or other offline mass storage media for the

purpose of preventing loss of data in the event of equipment failure or destruction.

2. Archive - The saving of old or unused files onto magnetic tape or other offline mass storage

media for the purpose of releasing on-line storage room.

3. Restore - The process of bringing off line storage data back from the offline media and putting

it on an online storage system such as a file server.

5.0 Timing

73

Full backups are performed nightly on Monday, Tuesday, Wednesday, Thursday, and Friday. If

for maintenance reasons, backups are not performed on Friday, they shall be done on Saturday or

Sunday.

6.0 Tape Storage

There shall be a separate or set of tapes for each backup day including Monday, Tuesday,

Wednesday, and Thursday. There shall be a separate or set of tapes for each Friday of the month

such as Friday1, Friday2, etc. Backups performed on Friday or weekends shall be kept for one

month and used again the next month on the applicable Friday. Backups performed Monday

through Thursday shall be kept for one week and used again the following appropriate day of the

week.

7.0 Tape Drive Cleaning

Tape drives shall be cleaned weekly and the cleaning tape shall be changed monthly.

8.0 Monthly Backups

Every month a monthly backup tape shall be made using the oldest backup tape or tape set from

the tape sets.

9.0 Age of tapes

The date each tape was put into service shall be recorded on the tape. Tapes that have been used

longer than six months shall be discarded and replaced with new tapes.

10.0 Responsibility

The IT department manager shall delegate a member of the IT department to perform regular

backups. The delegated person shall develop a procedure for testing backups and test the ability

to restore data from backups on a monthly basis.

11.0 Testing

The ability to restore data from backups shall be tested at least once per month.

74

12.0 Data Backed Up

Data to be backed up include the following information:

1. User data stored on the hard drive.

2. System state data

3. The registry

Systems to be backed up include but are not limited to:

1. File server

2. Mail server

3 .Production web server

4. Production database server

5. Domain controllers

6. Test database server

7. Test web server

13.0 Archives

Archives are made at the end of every year in December. User account data associated with the

file and mail servers are archived one month after they have left the organization.

14.0 Restoration

Users that need files restored must submit a request to the help desk. Include information about

the file creation date, the name of the file, the last time it was changed, and the date and time it

was deleted or destroyed.

15.0 Tape Storage Locations

Offline tapes used for nightly backup shall be stored in an adjacent building in a fireproof safe.

Monthly tapes shall be stored across town in our other facility in a fireproof safe.

This policy may contain descriptions about how various systems and types of systems are backed

up such as Windows or UNIX systems.

75

System Lockdown Policy

76

System Lockdown Policy1.0 OverviewThis system lockdown policy is an internal IT policy and defines a general process that should be used to lock down servers and workstations.

2.0 PurposeThis policy is designed to minimize risk to organizational resources and data by establishing a process for increasing the security of servers and workstations by stopping unneeded services and testing for vulnerabilities.

3.0 Server Lockdown and HardeningThis section describes a general process used to lock down servers. When they are initially installed and configured. Types of servers or equipment that need hardening include but are not limited to file sharing servers, email servers, Web servers, FTP servers, DNS servers, DHCP servers, Database servers, Domain controllers, Directory servers, Network devices such as firewalls, routers, and switches.

1. List services that will be required to run on the server. Examples include:1. DNS2. HTTP3. SMTP4. POP3

2. List services that are running on the server and turn off any that the administrator is sure are not needed.

3. Do a port scan on the server - Use a security tool to test and determine any ports that the server is responding to.

4. Shut down any services that are not on the required list of services for the server. Especially remember to shut down services listed in Appendix A - Services Recommended for Shutdown

5. Remove any unnecessary programs, services, and drivers from the server especially those not loaded by default on the server.

6. Patch the server with the latest patches and patch all services running on the server.7. Disable or change the password of any default accounts on the server or related to any

operating services.8. Be sure all passwords used to access the system or used by services on the system meet

minimum requirements including length and complexity parameters.9. Be sure all users and services have minimum required rights and do not have rights to

items not needed.10. Be sure file share and file permissions are as tight as possible.

77

11. Perform a vulnerability assessment scan of the server.12. Patch or fix any vulnerabilities found.13. Where appropriate, install and run additional security programs such as:

1. Anti-virus - Install and perform latest update of software and virus definitions.2. Firewall3. Intrusion detection software - Some approved host based intrusion detection

software is recommended to be run on all servers.4. Honeypot5. Change of system and system files detection

All this software should have the latest updates installed.

14. Set security parameters on all software such as where anti-virus programs will scan, how often it will scan, and how often it will get virus definition updates.

15. Enable audit logging to log any unauthorized access.16. Perform another vulnerability assessment scan of the server, and fix any discrepancies.17. Take additional account management security measures including:

1. Disable the guest account2. Rename default administrator accounts3. Set accounts for minimum possible access4. Be sure all accounts have passwords meeting minimum complexity and length

rules.18. Test the server to be sure all desired services are operating properly.

4.0 EnforcementSince locking down servers is critical to the security of the organization and everyone, this policy must be enforced by management through review and auditing.

Appendix A - Services Recommended for Shutdown

1. File and Printer Sharing for Microsoft Networks - Uninstallation of this service is recommended. This service is not needed unless you want to share a printer on your local computer or share folders on your local computer with other computers.

2. Messenger - Disable this service in the Services applet of Administrative Tools. This service has some serious security bugs and problems and has very little use for managing the network.

3. Remote registry service - This service should be set to manual or disabled since it allows people from remote locations to modify your registry. It is a serious security risk and should only be run if required by network administrators. Set this service to manual or disabled in the Services applet of Administrative Tools.

4. Secondary Logon service - If it is not necessary for lower privileged users to use the "Run As" command to run commands that only administrators or power users can run, this service should be disabled.

5. Universal Plug and Play Device Host service - It broadcasts unnecessary information about the computer running the service. It may be used by MSN messenger. This service is a high security risk and should be disabled unless dependent services are required.

78

6. Wireless Zero Configuration service - Used to support wireless connections. If you are not using wireless, this should be disabled. This service is a high security risk and should be disabled unless needed.

7. Computer Browser - For home users and most organizational users, this service can be disabled. Running this service is a moderate security risk.

8. NetMeeting Remote Desktop sharing - A person on a remote computer can access your desktop to help you. This service may be used by network administrators to help users with tasks. Normally this service should be disabled unless needed. Running this service is a moderate security risk.

9. Remote Desktop Help Session Manager service - A person on a remote computer can access your desktop to help you. This service may be used by network administrators to help users with tasks. Normally this service should be disabled unless needed. Running this service is a moderate security risk.

10. Network DDE Service - Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. It allows two running programs to share the same data on the same computer or on different computers. Running this service is a moderate security risk. Normally this service should be disabled unless needed.

11. Network DDE DSDM Service - Manages DDE network shares. Running this service is a moderate security risk. Normally this service should be disabled unless needed.

12. NT LM Security support provider - Used for backward compatibility with older Microsoft operating systems. Running this service is a moderate security risk. Normally this service should be disabled unless needed or set to manual.

13. SSDP Discovery service - Allows the computer to connect with networked plug and play devices on the network. This service does not support internal PnP devices. This service should be disabled unless the computer needs to connect to external networked plug and play devices.

14. Telnet service - The telnet service allows a terminal connection to or from a remote computer but sends passwords in the clear. Running this service is a moderate security risk. Normally this service should be disabled unless needed or set to manual.

15. Terminal services - Allows a remote connection from a remote computer usually used by network administrators to help users. Running this service is a moderate security risk. Normally this service should be disabled unless needed or set to manual. This service is commonly used by system administrators to administer servers remotely.

16. Alerted service - The alerted service allows system administrators to send messages to selected users. This service should be disabled unless specifically needed.

Types of servers that need hardening (This list is not inclusive of all devices that should be hardened):

1. File sharing 2. Email Servers 3. Web servers 4. FTP servers 5. DNS servers 6. DHCP servers 7. Database servers

79

8. Domain controllers 9. Directory servers 10. Network devices such as firewalls, routers, and switches

Computer Training Policy

80

1.0 OverviewThis policy defines the minimum training for users on the network to make them aware of basic computer threats to protect both themselves and the network. This policy especially applies to employees with access to sensitive or regulated data.

2.0 PurposeThis policy is designed to protect the organizational resources on the network and increase employee efficiency by establishing a policy for user training. When users are trained about computer use and security threats, they work more efficiently and are better able to protect organizational resources from unauthorized intrusion or data compromise. This policy will help prevent the loss of data and organizational assets.

3.0 Training CategoriesTraining categories will include but not be limited to the following areas:

Basics:1. What files are2. How to set view for details and show extensions for known file types3. Why not seeing file extensions is a security hazard to you4. File storage size - how to determine5. Mail attachments6. Where to store files

How to use your network drive What your network drive is and what it means to you

7. How to copy files8. Ways to increase efficiency on the computer such as keyboard shortcuts

Ways to get malware:1. Through email2. Through browser3. By connecting4. By installing unapproved programs

Email viruses:1. How they spread2. Spoofing sender3. Dangerous attachments

Email SPAM1. Protect your email address2. Filtering spam

Hoaxes:

81

1. Phishing2. Fraud methods

Email use1. How to set up email for remote users or with your ISP with POP32. How to set up out of office reply3. How to set mail filtering rules4. How to use, import, and export personal folders5. What an undeliverable response to an email message means

Use of web browser1. Safe browser?2. Avoid adware and spyware - ignore ads that may compromise your computer or

get you to install an illicit program3. How to change browser settings for better security4. Products to prevent malware.

Passwords1. Why protect my password?2. Why do I need to change my password every 30 days3. How to change your password4. How to choose strong passwords that you can remember5. If I log in on a website can someone see my password?

Other1. Reasons for firewall -- worms and others2. Why worry about malware?3. What is a vulnerability?4. Why not run all services?5. Social engineering

4.0 Training OpportunitiesBasic training as listed in section 3.0 shall be provided internally by the organization and shall include the following opportunities:

1. Scheduled training seminars for 1 to 4 hours per day. 2. Brown bag lunch training for lunch time training for up to 1 hour per day on one or two

days per week.

5.0 RequirementsAll organizational staff shall make measurable and continuous progress in the training areas listed in section 3. Each employee manager shall be responsible for ensuring that employees under their supervision make progress in the required training areas. Each employee must retain knowledge about training in areas listed in section 3 within the first year of employment.

6.0 EnforcementSince training is very important to the security of the organization, auditing shall be used as a mechanism to be sure the training policy is being followed. Auditors may test employees at

82

random about their knowledge in the areas listed in section 3. If an employee gets malware on their computer, they may be audited.

Mobile Computer Policy

83

1.0 OverviewThis policy defines the use of mobile computers in the organization. It defines:

1. The process that mobile computers must meet to leave the corporate network. Both the device and any sensitive data should be password protected.

2. How mobile computers and devices will be protected while outside the organizational network.

3. The process that mobile computers must meet to enter the corporate network when being brought into a building owned by the organization.

2.0 PurposeThis policy is designed both to protect the confidentiality of any data that may be stored on the mobile computer and to protect the organizational network from being infected by any hostile software when the mobile computer returns. This policy also considers wireless access.

3.0 ScopeThis policy covers any computing devices brought into the organization or connected to the organizational network using any connection method. This includes but is not limited to desktop computers, laptops, and palm pilots.

Note:To write this policy, consider data and the sensitivity of the data stored and viewed on the mobile computer including:

1. Email2. Data the user is working on that is stored locally.3. Cached data that is stored locally such as cached data from the user's browser.

Windows XP allows for cached files to be encrypted using the encrypting file system (EFS).

4. Data from the internal network that the user may access while the computer is outside the network.

5. Locally stored user names and passwords.

Consider loss due to:

6. Theft - should locally stored data be encrypted?

84

7. Hard drive failure

4.0 ResponsibilityThe user of the mobile computer will accept responsibility for taking reasonable safety precautions with the mobile computer and agrees to adhere to this policy. The computer user will not be allowed to have administrative rights unless granted special exception by the network administrator. The user of the computer agrees not to use the mobile computer for personal business and agrees to abide by the organizational computer usage policy.

5.0 Connection Terms

8. Devices connected to the organizational network must be determined to be a benefit to the organization rather than convenience by the designated IT manager.

9. All mobile devices owned by the organization or allowed on the organization network must be identified by their MAC address to the IT department before being connected. (Possibly require static IP address)

10. The device must meet the computer connection standards described in the following section.

11. The device operator must be identified by name and contact information to the IT department.

12. The computer device operator must be familiar with the organization's acceptable use policy.

13. Devices not owned by the organization are subject to a software audit to be sure no software that could threaten the network security is in operation. All computing devices are subject to a software audit at any time.

14. Access rights to the organizational network cannot be transferred to another person even if that person is using an allowed computing device.

6.0 Mobile Computer Protection

1. Any mobile computer owned by the organization shall at all times operate the following for its own protection:

1. Antivirus program named _________________ with the latest possible virus updates. The program shall be configured for real time protection, to retrieve updates daily, and to perform an anti-virus or malware scan at least once per week.

2. A firewall program named _________________ with the latest possible updated. The program shall be operational any time the computer is connected to any untrusted network including the internet to protect the computer from worms and other malware.

3. Additional malware protection software shall be active on the computer in accordance with the anti-virus and malware policy.

4. The operating system and application patch levels must be consistent with the current patch levels of our organization for similar devices and operating systems. All mobile computers in the organization shall have wireless access disabled. If

85

wireless access is used, a specific protocol for wireless encryption shall be designated and configured. Also the maximum data sensitivity category shall be noted for the computer depending on the security of the wireless access and other features of the computer.

2. Policy for mobile computers owned by the organization and removed nightly by employees with permission to work from home.

1. These computers shall always meet requirement 6.0.1 above. 2. If at any time the computer shall fail to meet the requirement 6.0.1 above, the

employee shall report the condition to the IT Security department and a check of the computer equivalent to any check of an unsecure computer entering the building shall be performed.

3. It shall be ensured that unauthorized persons cannot gain access to the computer without a proper user identification and password. Operating systems that do not safely support this process shall not be used in mobile computers. The IT Security department will determine and specify the proper tools to be used for authentication and access controls.

4. Data to be stored on the computer will be evaluated and rated to consider the sensitivity of the data according to the Data Assessment Process document. Any data stored on the computer that is considered to be sensitive will be stored only in an encrypted format, possibly using an Encrypting File System (EFS). The policy must define the encryption tool to use and how it will be maintained.

5. The computer shall be checked weekly by IT Security department personnel at designated times when the computer will be entering a secure building area. The check will include a scan for malware and a test to determine whether the computer has a worm. The state of stored sensitive data shall also be checked to determine whether it is encrypted and whether data of too high a level of security is being stored on the computer. Remove any malware on the computer if any was detected. Log information about any malware found. Log any information about data that was not stored properly.

3. Policy for computers being used for travel - Protection of these computers shall be the encryption of all sensitive data and a requirement for a valid user ID to operate the computer.

4. These computers shall always meet requirement 6.0.1 above. If any additional software installation is required, it must be done and configured before the computer leaves the building.

5. It shall be ensured that unauthorized persons cannot gain access to the computer without a proper user identification and password. Operating systems that do not safely support this process shall not be used in mobile computers. The IT Security department will determine and specify the proper tools to be used for authentication and access controls.

6. Data to be stored on the computer during the time the computer is not in a security facility will be evaluated and rated to consider the sensitivity of the data according to the Data Assessment Process document. Any data stored on the computer that is considered to be sensitive will be stored only in an encrypted format, possibly using an Encrypting File System (EFS). The policy must define the encryption tool to use and how it will be maintained. Any data not considered to be safe to be stored on the computer will be removed using a designated program to be sure it has been removed so it cannot be read using special technology later. There will be a list of documented sensitive data including

86

storage locations for all sensitive data stored on the computer. This list will be created before the computer leaves the facility.

7. If there is a chance that the user will view any sensitive data using their web browser or other program, cached data will need to be encrypted. Cached data that is stored locally such as cached data from the user's browser will be set to be encrypted using the encrypting file system (EFS). This may require Windows XP or some third party software. In Windows XP, this may be enabled using the following procedure:

1. Open "My computer" 2. Click on "Tools" and select "folder Options". 3. Select the "Offline files" tab. 4. Check the box next to "Encrypt offline files to secure data". 5. Click "OK" to exit.

8. If the computer will acquire irreplaceable and valuable data while on the road, the computer user must notify the IT department so arrangements can be made for a method to back the data up.

Policy for computers being used by contractors

1. The computer will first be checked for compliance with section 6.01 above. 2. The computer will be scanned for malware and tested to determine whether the computer

has a worm. Any malware on the computer shall be removed if any was detected. Log information about any malware found.

3. If the computer is in compliance with section 6.01 and contains no malware, the contractor shall report any sensitive data related to the organization that is expected to be stored on the computer.

4. Data to be stored on the computer will be evaluated and rated to consider the sensitivity of the data according to the Data Assessment Process document. Any data stored on the computer that is considered to be sensitive will be stored only in an encrypted format, possibly using an Encrypting File System (EFS). The policy must define the encryption tool to use and how it will be maintained.

5. The ID of the computer shall be recorded and it shall be certified for use on the organizational network.

6. The computer shall be checked weekly by IT Security department personnel at designated times when the computer will be entering a secure building area. The check will include a scan for malware and a test to determine whether the computer has a worm. The state of stored sensitive data shall also be checked to determine whether it is encrypted and whether data of too high a level of security is being stored on the computer. Remove any malware on the computer if any was detected. Log information about any malware found. Log any information about data that was not stored properly. If the computer is storing data improperly, the certification of the computer shall be reviewed.

7.0 Protecting the NetworkMobile computers entering the network shall meet the following requirements.

1. If the computer is owned by the organization and used regularly by employees according to 4.0.2 above, then the computer shall be checked according to that part of the policy.

87

2. If the computer is owned by the organization and is returning from a period when an employee used it for travel, the following check shall be performed.

1. Determine whether the anti-virus program is up to date, has the latest virus definitions, is configured properly, and is running properly. If it fails one of these conditions or has not been scanned for a virus within the last week, a full virus scan must be done before the computer can be used in the building.

2. Test the computer and scan for additional malware such as adware or spyware test to determine whether the computer has a worm.

3. Test the state of stored sensitive data to be sure it is encrypted. 4. Remove any malware on the computer if any was detected. Log information about

any malware found. Log any information about data that was not stored properly. 3. If the computer is owned by an outside organization the following must be done.

1. The outside organization must agree in writing to allow a malware scan of their computer and agree pay any costs if malware is found on their computer.

2. A full virus scan must be done. 3. Test the computer and scan for additional malware such as adware or spyware test

to determine whether the computer has a worm. 4. Remove any malware on the computer if any was detected. Log information about

any malware found. The outside organization may be billed for services depending on organizational policy.

8.0 EnforcementSince improper use of mobile computers can bring in hostile software which may destroy the integrity of network resources and systems and the prevention of these events is critical to the security of the organization and all individuals, employees that do not adhere to this policy may be subject to disciplinary action up to and including dismissal.

88

Hardware Description

89

SEH ISD300-PoE Print ServerItem#:  YYI1-H01540  | Model#: M03722Price: $1,48608

SEH ISD300-PoE Print Server Product Details The Cost-Effective Spooling Solution with PoE-Technology!Print job spooling is one of the core tasks in a network. Inefficient spooling by means of traditional servers causes performance problems, is expensive and requires a lot of administration.The ISD300-PoE puts an end to this!The ISD300-PoE Intelligent Spooling Device connects to your network as a specialized network appliance, effectively spooling and managing all print jobs and handling all print queues - simple, cost-effective and highly available!And it offers a large range of application scenarios!Power-over-Ethernet (PoE) TechnologyISD300-PoE is equipped with Power-over-Ethernet technology. PoE-enabled network devices are powered via the data cable; eliminating the need for an external power

90

HP LaserJet Enterprise 700 M775f CC523A Multifunction Printer - Color Laser, Up to 600 x 600 dpi, Up to 30 ppm, 1536MB Memory, 320GB HDD, 8.07" Touchscreen, Hi-Speed USB 2.0, EthernetItem#:  H24-30400  | Model#: CC523APrice: $5,44999

HP LaserJet Enterprise 700 Multifunction Printer Product Details HP LaserJet Enterprise 700 M775f CC523A Multifunction PrinterThe performance-driven industry has finally met its match with the HP LaserJet Enterprise 700 M775f CC523A Multifunction Printer. The HP LaserJet Enterprise 700 M775f CC523A Multifunction Printer is a hardworking multifunction printer that boasts a stunning A3 color, robust scanning features, and high volume paper capacity minus the hefty price tag. Copy, scan, print, and fax with up to 600 x 600 dpi resolution from virtually anywhere using your smartphone or tablets – thanks to its HP ePrint. With up to 30 ppm print speed, you can definitely enhance your productivity. This printer's 8.07" Touchscreen makes navigating the device's features a breeze, as well as displays the content and settings with an outstanding clarity. Make use of its Ethernet capability to connect the printer to a wired network, and further enhance your workflow. So if you want a printer that caters to all of your documenting needs, purchasing the HP LaserJet Enterprise 700 M775f CC523A Multifunction Printer is the way to go.What It Is And Why You Need It:

Multifunction Printer; allows printing, faxing, scanning, and copying high quality documents 8.07" Touchscreen; makes navigating the features a lot easier Hi-Speed USB 2.0; lets you integrate various USB capable devices Ethernet; allows easy connection to a wired network HP ePrint; enables printing from your smartphones or tablets High-capacity automatic document feeder; keeps large scan and copy jobs moving

91

Barracuda 840 Load Balancer ADC w/5yr Energize Updates and Instant Replacement - 10GB Copper NICs,2U Rackmountable, 10 Ports,10Gbps, 500 Real Server, 30,000 IPv4,IPv6 - BBF841A55Item#:  BCU-102522038  | Model#: BBF841A55Price: $64,40799

Barracuda 840 Load Balancer ADC Product Details Barracuda 840 Load Balancer ADCGet high availability with reliable and smooth application performance by using the Barracuda 840 Load Balancer ADC. This load balancer comes with 5 years of Energize Updates and instant replacement. Equipped with additional 4 x 10 Gigabit Ethernet copper ports along with 8 x 1 Gigabit Ethernet port provides a high speed data transmission and application performance supporting up to 500 real servers. It effectively monitors the application usage and manages the traffic to get high availability of the application. In case of any issue with a particular server, it diverts the traffic to other servers supporting the required application. With up to 10 Gbps throughput, it can easily manage up to 30000 TPS SSL Offloading/Acceleration. It provides highly flexible load balancing as it supports Layer 4, Layer 7 protocols, IPV6, IPV4 or mixed networks. The ability to manage the request on the basis of location, application, IP address and the group allows an organization to manage server situated in different geographical regions along with creating a customized view for a region or group. You don’t need to worry about data loss as its advanced security system not only check the incoming request but also inspect the outgoing data and blocks or mask the sensitive information. It also protects from Cookie or form tampering, DoS, DDoS, SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) etc. Buy the Barracuda 840 Load Balancer ADC now!What It Is And Why You Need It:

5 years of Energize Updates and Instant Replacement; provide new security definitions to have the highest security for your critical applications & assures replacement of the unit in case of a major failure.

Additional 4 x 10 Gigabit Ethernet copper ports; allows high speed application performance in LAN and WAN environments while balancing the load on various protocols such as layer 4, layer 7, IPV6, IPV4 or mixed networks

Authenticated access; the active directory and support to RADIUS or LDAP authentication let only authorized access to the applications

10 Gbps throughput; allows high speed application access with support up to 500 servers and up to 30000 TPS SSL Offloading/Acceleration

92

500 Series Performance Servers Offering exceptional performance and extraordinary value in a 1U server platform, the 500 series servers are ideal for data center applications that require a premium computing platform. Nfina’s Servers offer multiple options for CPU’s, Network, RAID, storage, memory, and Operating Systems. These options make our servers extremely flexible and customizable to meet your requirements.more 500 Series Performance Servers 528i4 Dual Processors

Product DetailsRequest Quote

1U rack-mount Intel® Processors E5-2600 Family 4, 6, or 8 cores per CPU Up to 256GB memory Up to 8 - 2.5" hot-swap drives SSD-E, SAS-E, or SATA-E drives Up to 8TB storage Quad 1GbE ports Dual 10GbE ports (optional) HW RAID & Caching (optional) Dual hot-swap power supplies Remote Management Module

Web server PowerEdge T630 Tower ServerPowerful, efficient, versatile.Drive a wide range of demanding workloads with a flexible server offering peak 2-socket performance and huge internal storage capacity.

Dell Price $160900 Processor

Intel® Xeon® E5 2600 v3 processorsOperating System

Microsoft Windows® Server 2008/2012 SP2, x86/x64 (x64 includes Hyper-VTM )Microsoft Windows® Server 2008/2012 R2, x64 (includes Hyper-VTM v2)Microsoft® Windows® HPC Server 2008Novell® SUSE® Linux Enterprise ServerRed Hat® Enterprise LinuxVMware® ESX

Chipset Intel C610 series chipset

Memory1

24 DIMM slots, DDR4 memory Architecture: Up to 2133MHz MHz DDR4 DIMMsMemory Type: RDIMM&LRDIMMMemory Module Sockets: Twenty FourMinimum RAM: 2 GB (one module)Maximum RAM: Up to 1536GB (24 DIMM slots): 2GB/4GB/8GB/16GB/32GB/64GB

Embedded Hypervisor (Optional)

93

Microsoft® Windows Server® 2008, with Hyper-VTMVMware® ESXiCitrix XenServer

Storage SAS, SATA, Near-line SAS, SSD, PCIe SSD:

18 x 3.5" HDD – up to 72TB via 4TB hot-plug SAS hard drives32 x 2.5” HDD – up to 32TB via 1TB hot-plug SAS hard drives Up to 4 optional Express Flash PCIe SSD’s

Drive Bays Internal hard drive bay and hot-plug backplane:

Up to 8 x 3.5” SAS, SATA, Near-Line SAS,SSD, PCIe SSD drives with optional flex bayUp to 18 x 3.5” SAS, SATA, Near-Line SAS,SSD drives without optional flex bayUp to 16 x 2.5” SAS, SATA, Near-line SAS, SSD, PCIe SSD drives with optional flex bayUp to 32 x 2.5” SAS, SATA, Near-Line SAS,SSD drives with optional flex bay

Slots Slot 1: Full Length, Full Height, CPU1 - PCIe Gen3 x16 (x16 connector)

Slot 2: Full Length, Full Height, PCH - PCIe Gen2 x4 (x8 connector)Slot 3: Full Length, Full Height, CPU1 - PCIe Gen3 x16 (x16 connector)Slot 4: Half Length, Full Height, CPU2 - PCIe Gen3 x8 (x8 connector)Slot 5: Full Length, Full Height, CPU2 - PCIe Gen2 (DMI) x4 (x8 connector)Slot 6: Full Length, Full Height, CPU2 - PCIe Gen3 x16 (x16 connector)Slot 7: Full Length, Full Height, CPU2 - PCIe Gen3 x16 (x16 connector)Slot 8: Half Length, Full Height, CPU1 - PCIe Gen3 x8 (x8 connector)

RAID Controllers Internal:

PERC S130 PERC H330 PERC H730 PERC H730P External:PERC H830

Network Controller 2 x 1Gb

Communications Broadcom® 5719 quad-port 1Gb NIC

Broadcom 5720 dual-port 1Gb NICBroadcom 57810 dual-port 10Gb DA/SFP+ CNABroadcom 57810 dual-port 10Gb Base-T network adapterIntel® Ethernet I350 dual-port 1Gb server adapterIntel Ethernet I350 quad-port 1Gb server adapterIntel Ethernet X540 dual-port 10GBASE-T server adapterMellanox® ConnectX®-3 dual-port 10Gb Direct Attach/SFP+ server network adapterMellanox ConnectX-3 dual-port 40Gb Direct Attach/QSFP server network adapterEmulex® LPE 12000, single-port 8Gb Fibre Channel HBAEmulex LPE 12002, dual-port 8Gb Fibre Channel HBAEmulex LPe16000B, single-port 16Gb Fibre Channel HBA Emulex LPe16002B, dual-port 16Gb Fibre Channel HBAEmulex OneConnect OCe14102-U1-D 2-port PCIe 10GbE CNAQLogic® 2560, single-port 8Gb Optical Fibre Channel HBAQLogic 2562, dual-port 8Gb Optical Fibre Channel HBA Qlogic 2660, single-port 16GB, Fibre Channel HBA, full heightQlogic 2662, dual-port 16GB, Fibre Channel HBA, full height

Power 1600W AC, 86 mm 13G (Platinum+)

1100W AC, 86 mm 13G (Platinum+)

94

1100W DC, 86 mm 12G (Gold)750W AC, 86 mm 12G (Platinum)750W AC, 86 mm 12G (Diamond)495W AC, 86 mm 12G (Platinum)

Availability ECC memory

Hot-plug hard drivesHot-plug redundant coolingHot-plug redundant poweriDRAC8Internal Dual SD ModuleSingle Device Data Correction (SDDC)Spare RankTool-less chassisSupport for high availability clustering and virtualization Proactive systems management alerts iDRAC8 with Lifecycle Controller

Graphics Card Video Type :Integrated Integrated Matrox G200 with iDRAC8

Video Memory: 16 MB shared with iDRAC8 application memory

GPUs – Support for up to four optional 300W internal GPU processing acceleratorsChassis

Form Factor: 5UHeight:8.73cm (3.44”)Width:48.2cm (18.98”)Depth:75.09cm (29.56”)Max Weight: T630 full system with 2.5” HDD: Max 2.5"x16 (6 fans) 37.57Kg/82.75lbMax 2.5"x32 (6 fans) 40.55Kg/89.32lbT630 full system with 3.5” HDD: Max 3.5"x18 (6 fans) 49.65 Kg/109.36 lb

Management Dell OpenManage portfolio of systems management solutions, including:

OpenManage Essentials console iDRAC8 with Lifecycle Controller

1.$1,395.00

VoIP 3CX Phone System 16 Simultaneous Calls (3CXPS16)SKU # 02-108153 A complete 3CX Phone System for Windows consists of the server software, soft phones or SIP hardware phones, and a VOIP Gateway to connect your existing phone lines. A VOIP provider can be used to leverage low cost calls across your user network. The system can use the existing computer wiring (and share the network point with the computer) and can be installed on an existing, non-dedicated Windows server (no need for Linux!) or run as a virtual machine. Say goodbye to expensive, proprietary, phone system expansion modules and costly phone bills! (Formerly 3CX Professional Edition Phone System)

95

Cisco ASR 1002 - Router - rack-mountable - with Cisco ASR 1000 Series Embedded Services Processor, 5GbpsItem#:  JIO-102814003  | Model#: ASR1002-5G/K9-RF

Price: $22,07499

Cisco ASR 1002 - router - desktop, rack-mountable Product Details The Cisco ASR 1002 Router in a 2-rack unit (RU) form factor comes with an integrated route and serial interface processors. It houses three shared port adapter (SPA) slots supporting single height and dual height SPAs. Configurable with either the 5 Gbps or 10 Gbps embedded services processor and four built-in gigabit Ethernet ports, it is an ideal solution for a large branch office or as a managed high-speed customer premises equipment (CPE) device to support enhanced features such as security, deep packet inspection, and firewall.

SpecificationsGeneral    Device Type:  Router - with Cisco ASR 1000 Series Embedded Services Processor, 5Gbps    Enclosure Type:  Desktop, rack-mountable - modular - 2U    Connectivity Technology:  Wired    Performance:  Bandwidth : 5 Gbps    Network / Transport Protocol:  L2TP, IPSec    Remote Management Protocol:  Telnet, SNMP 3, SSH    Encryption Algorithm:  Triple DES, AES    Authentication Method:  Secure Shell (SSH)    Features:  VPN support, MPLS support, IPv6 support, Stateful switchover (SSO), MPLS VPN, front to back airflow    Compliant Standards:  CISPR 24, EN55022, EN55024, CISPR 22, EN50082-1, EN 61000-6-1, AS/NZS 60950-1, EMC, ICES-003 Class A, FCC CFR47 Part 15, UL 60950-1, IEC 60950-1, AS/NZS 3548 Class A, CAN/CSA C22.2 No. 60950-1-03, GR-1089-CORE, VCCI Class A, GR-63-CORE, KN22 Class A, EN 300386    RAM:  4 GB

Expansion / Connectivity    Interfaces:  Management : 1 x 10Base-T/100Base-TX - RJ-45 ¦ Management : 1 x console - RJ-45 ¦ Management : 1 x auxiliary - RJ-45 ¦ 4 x SFP (mini-GBIC)    Expansion Slots:  3 (total) / 3 (free) x expansion slot ¦ 1 (total) / 0 (free) x

96

    Installed Modules Qty (Max):  1 (installed) / 4 (max)

Power    Power Device:  Internal power supply    Power Redundancy:  Yes    Installed Qty:  2 (installed) / 2 (max)

Miscellaneous    Rack Mounting Kit:  Included

Software / System Requirements    OS Provided:  Cisco IOS Advanced Enterprise Services

Dimensions & Weight    Width:  17.2 in    Depth:  18.1 in    Height:  3.5 in

Environmental Parameters    Min Operating Temperature:  41 °F    Max Operating Temperature:  104 °F    Humidity Range Operating:  5 - 90%

TrippLite B096-016 16-Port Serial Console Server Management Switch - 16x Ports, 2 Gig USB Flash Drive, Dual Ethernet, Dual Power Supply, Built-in Modem, RJ-45, USB, BlackItem#:  T105-5508  | Model#: B096-016Price: $1,66399

TrippLite B096-016 16-Port Serial Console Server M Product Details TrippLite B096-016 16-Port Serial Console Server Management Switch TrippLite’s B096-016 16-Port Serial Console Server Management Switch is the most advanced console server platform available today. In one secure appliance, it offers an in-band and out-of-band management solution for serial console ports, servers, virtual servers, service processors, UPS & PDU's, environmental monitoring and more. The TrippLite B096-016 16-Port Serial Console Server Management Switch enables system administrators to securely access and control their data centers and networks from anywhere in the world. The TrippLite B096-016 16-

97

Port Serial Console Server Management Switch is equipped with a built in modem, dual Ethernet, dual AC power, 2 gigs USB flash and runs on Linux for scalability and reduced downtime. What It Is and Why You Need It

Simple Cabling & Easy Installation 2 Gig USB Flash Drive for TFTP Server Hotkey Power on RPS/PDU

Specifications 2 x 6ft, Cat5e Patch cables 1 x DB9F - RJ45 Straight-Through Adapter 1 x DB9F - RJ45 Crossover Adapter

Features Dual Ethernet, Dual Power Supply, and Built-in Modem Secure In-band and Out-of-band access for a Host of Equipment LINUX with access to the Source Code for custom scripts

Cisco Small Business SG200-26P Managed PoE Switch - 24x 10/100/1000 Mbps Ports, 12x PoE Ports 2x Combo mini-GBIC - SLM2024PT-NAItem#:  C50-2188  | Model#: SLM2024PT-NAPrice: $42599

Cisco SG200-26P Managed PoE 24 Port Switch Product Details Cisco SLM2024PT-NA Small Business SG200-26P Managed PoE Switch The Cisco SLM2024PT-NA Small Business SG200-26P Managed PoE Switch is an affordable smart switch that combines powerful network performance and reliability with the essential network management features you need for a basic business network. The Cisco SLM2024PT-NA Small Business SG200-26P Managed PoE Switch provides basic management, security, and quality-of-service (QoS) features beyond those of an unmanaged or consumer-grade switch, at a lower cost than managed switches. And with an easy-to-use web user interface and the Cisco Discovery Protocol, you can deploy and configure a rocksolid business network in minutes. Purchase the Cisco SLM2024PT-NA Small Business SG200-26P Managed PoE Switch today! What It Is and Why You Need It:

24x 10/100/1000 Mbps Ports and 2x Combo mini-GBIC PoE Easy configuration and management Limited lifetime Warranty

98

Specifications Standards: IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab

1000BASE-T Gigabit Ethernet, IEEE 802.3ad LACP, IEEE 802.3z Gigabit Ethernet, IEEE 802.3x Flow Control, IEEE 802.1D (STP), IEEE 802.1Q/p VLAN, IEEE 802.1w RSTP, IEEE 802.1X Port Access Authentication, IEEE 802.3af, RFC 768, RFC 783, RFC 791, RFC 792, RFC 793, RFC 813, RFC 879, RFC 896, RFC 826, RFC 854, RFC 855, RFC 856, RFC 858, RFC 894, RFC 919, RFC 922, RFC 920, RFC 950, RFC 951, RFC 1042, RFC 1071, RFC 1123, RFC 1141, RFC 1155, RFC 1350, RFC 1533, RFC 1541, RFC 1542, RFC 1624, RFC 1700, RFC 1867, RFC 2030, RFC 2616, RFC 2131, RFC 2132, RFC 3164, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 2576, RFC 4330, RFC 1213, RFC 1215, RFC 1286, RFC 1442, RFC 1451, RFC 1493, RFC 1573, RFC 1643, RFC 1757, RFC 1907, RFC 2011, RFC 2012, RFC 2013, RFC 2233, RFC 2618, RFC 2665, RFC 2666, RFC 2674, RFC 2737, RFC 2819, RFC 2863, RFC 1157, RFC 1493, RFC 1215, RFC 3416

Minimum Requirements: o Web browser: Mozilla Firefox version 2.5 or later; Microsoft Internet Explorer version 6 or later o Category 5 Ethernet network cable o TCP/IP, network adapter, and network operating system (such as Microsoft Windows, Linux, or

Mac OS X) installed on each computer in the network Features

Easy configuration and management: Cisco 200 Series switches are designed to be easy to deploy and use by small businesses or the partners that serve them.

Performance and reliability: Cisco 200 Series switches have been tested to deliver the high availability and performance you would expect from a Cisco switch and help you prevent costly downtime. The switches speed file transfer times, improve slow and sluggish networks, keep your vital business applications available, and help your employees respond more quickly to customers and each other.

PoE: This capability simplifies the deployment of IP telephony, wireless, video surveillance, and other solutions by allowing you to send data and power to network endpoints over the same network cable. With no need for separate power supplies or outlets for IP phones, IP cameras, or wireless access points, you can speed up deployment and installation and take advantage of advanced communications technologies quickly, and at a lower cost.

Network security: Cisco 200 Series switches provide basic security and network management features you need to maintain a level of security for your business, keep unauthorized users off the network, and protect your business data. The switches provide integrated network security to reduce the risk of a security breach, with IEEE 802.1X port security to control access to your network.

IP telephony support: Cisco 200 Series switches include QoS features to prioritize delay-sensitive services such as voice and video, simplify unified communications deployments, and help ensure consistent network performance for all services.

IPv6 support: Cisco 200 Series switches provide native support for IPv6 alongside traditional IPv4. That means you can take full advantage of IPv6-enabled operating systems and applications in the future, without having to upgrade your network equipment.

Peace of mind and investment protection: Cisco 200 Series Switches offer the reliable performance, investment protection, and peace of mind you expect from a Cisco switch.

Multiple language options: The Cisco 200 Series is available in seven languages: English, French, German, Italian, Spanish, Japanese, and simplified Chinese.

Intermec 1552 Sabre™  Price:  The Intermec Sabre 1552 wireless scanner combines a sleek design, enhanced performance, and proven durability together in a high performance scanner that will enhance the productivity of your operators.

Operators will find the 1552 well-balanced, lightweight and easy to use in either hand.

The 1552 is durable in all environments, and capable of withstanding repeated drops of up to 6 feet. A large trigger and integrated site make aiming quick and simple, further increasing operational efficiency.

99

HP Z230 Workstation PC - Intel Core i7-4770 3.40GHz, 8GB DDR3 Memory, 1TB HDD, DVDRW, Windows 7/8.1 Pro 64-bit - F1L53UT#ABAItem#:  HQR-102355555  | Model#: F1L53UT#ABAPrice: $84999

HP Z230 Workstation PC Product Details HP Z230 Workstation PCImprove your everyday business productivity with the HP Z230 Workstation PC! This amazing workstation offers superb system performance for easier and faster task accomplishment. It is equipped with a powerful Intel Core i7-4770 3.40GHz processor to ensure seamless system operations. It also comes with a 8GB DDR3 Memory to ensure smooth multitasking. The HP Z230 Workstation PC can also support up to 32GB of DDR3 Memory, providing room to upgrade your system’s operation speed. Save various files with its 1TB SATA Hard Disk Drive. This workstation also allows you to secure your data as it supports RAID 0 and 1. Make sure your computing machine can keep up with your daily working needs, get the HP Z230 Workstation PC right away!What It Is And Why You Need It:

Intel Core i7-4770 3.40GHz processor; offers a powerful system performance 8GB DDR3 Memory; ensures seamless multitasking 1TB SATA Hard Disk Drive; lets you save files easily

100

Software Description

101

Microsoft Windows 8.1 PRO 32-Bit, Operating System Software - OEM DVD, English FQC-06988 Item#:  FIC-102028496 Price: $132.99http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=8588431&CatId=306BITDEFENDER ANTIVIRUS PLUS 2015

Price: $8995

http://www.tigerdirect.com/applications/SearchTools/search.asp?keywords=bitdefender+antivirus

http://www.tigerdirect.com/applications/SearchTools/search.asp?keywords=adobe+acrobat

Adobe Acrobat v.XI Standard - Complete Product - 1 User

102

Price: $299.00

Price: $69.99Office 365 Personal - English, 32bit/64bit, 1 Year

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=8910715&srkey=FIC-102337557

103

More Secure

Other Software Oracle Java QuickTime Real Player VLC

104

Conclusiono We discussed how we are installing a High speed low

bottleneck infrastructureo We discussed the Equipment and priceso We discussed the policy’s for Nature’s Besto We touched on the Data backupo Our cost effective plan will provide Nature’s best

with their company needs

105