Identify and address any other security concerns the client


Coffee and Company Security Case Study

Your client runs 4 coffee house locations in a single college town. For ease of management and expansion, the shops are all provisioned with a common set of foodservice and IT equipment, but each location has a unique theme applied for the décor. When the wireless network was deployed at the original location, the managers there started to maintain a presence in the public area of the store, circulating with the customers rather than staying "cooped up" back in the office. The name of the shop was changed to represent the "community feel" that this generated, which is now a hallmark of the "Coffee and Company" experience. Each manager is encouraged to put their own "stamp" on the flavor and décor of their store. Stores are referred to by clients, management and employees by nicknames relating to the décor, e.g., the Green store, the Glass store, the Beach store, etc. To keep things fresh, stores are redecorated regularly, so a single store may have many identifiers depending on when a customer started coming or when an employee was hired.

Each store has a manager's office which is physically separate from the food preparation and customer service areas, but to which all employees are allowed physical access. The manager's office at the original location also serves as "corporate headquarters" for record keeping and IT purposes. Working files from this computer are copied to a USB hard drive to protect against file loss. Many of the choices that are currently in place were decided upon years ago and have simply been recreated as additional sites were brought online. There is currently no formal process in place for measuring network performance or evaluating the reliability or security of the network or of IT operations.

The company has purchased a "business bundle" of Internet access, telephone service, and cable TV from the local ISP. Managers in each location use FTP through the Internet connection to upload sales and inventory information to a folder on the "server" at the headquarters office, which is really just a set of shared folders on that manager's computer, named by store décor. All locations have a consumer-grade broadband router/firewall with a single wireless network configured. This network provides connectivity for the 2 thin-client based point-of-sale cash registers and a computer in the manager's office which hosts the point of sale application and is used for record keeping and scheduling of staff at that location. The wireless network also provides Internet access for customers of the coffee shop. For consistency between stores, the network is set to support 802.11 b and g clients, and uses a WEP key which is printed on all receipts and prominently posted for the convenience of the customers. The same key is used in all locations so that customers have easy access to the Internet from whichever location they happen to be visiting.

Each location manages its own employees' schedules and accounts in the scheduling and point of sale systems. Much of the workforce is made up of college students, some of whom work seasonally, work at multiple stores, and may drop or add to their desired number of shifts based on their course load. Many long-time employees know each other's access codes for the point of sale system. Sometimes when the shop gets busy, servers enter orders, payments, and tips for each other in the point of sale system. While this does sometimes help service customers more quickly, it has led to some problems appropriately managing the distribution of tips and sales commissions.

Customers were complaining that access speeds for the Internet have been slow at several locations, so the speed of the connection at all the locations was increased, but the responsiveness of the network has not improved much, if at all. Some customers are hesitant to make use of the network due to performance concerns or because their new devices won't connect; others have expressed concerns about data security.

Recently, a fire in a neighboring business required an evacuation of the headquarters location. While all store locations are in compliance with applicable building codes and have passed safety inspections (fire suppression, emergency lights, etc.), power was lost and, due to the possibility of structural damage, both the coffee house location and the management office were closed and inaccessible for several business days. During this time, transactions from the other shops could not be uploaded because the headquarters computer was not accessible: no one could get to it to boot it up after power was restored. Once the location was brought back online, after a couple of days all transactions eventually synced up.

The original owner of the chain has recently entered "semi-retirement" and is turning daily operations over to her daughter. The daughter has recently received a new set of standards from their credit card processing company and feels that it may be time to re-examine the IT infrastructure and the security of the current network. She has requested that you prepare a report detailing the current solutions that are in place and compare them to currently accepted practices. Where the current solution is not up to standards, she requests that you provide a recommendation to correct the situation. She has articulated the following goals. Those marked with an asterisk are conditions of the credit card payment processing contract and are non-negotiable.

- *Credit Card transaction processing traffic may not be transmitted wirelessly

- *Credit Card transaction processing traffic must be on a separate network from customer internet traffic

- Free customer wireless access must support modern laptops, netbooks, tablets, and smartphones

- There needs to be a way to track who is using the wireless bandwidth, both for performance tuning and marketing promotions (e-coupons for frequent surfers, etc.)

- Customers must feel confident using the network for shopping and finance transactions as well as for casual surfing and email use

- The store managers need the ability to access managerial information within the store while circulating with the customers

- Interruptions at any one location should not impact operations at any other location. The centralizing of inventory and sales information has been working very smoothly, but having it out of reach for several days should not happen again.

- Since personnel often move between store locations, point-of-sale and scheduling operations should be integrated across all the stores.

- There should be no question as to which store a particular record or report refers

- All sales and service transactions must be entered by the responsible server. It must be impossible for servers to access each other's accounts in the point of sale system.

- There is no plan to establish a permanent IT staff position. The current "parallel design" is comfortable and allows for simplified management as all stores are the same. The customer would like to see this continue.

- Proposed changes should tighten up security and operational reliability, but not change the customer experience or ambiance of the stores

- Identify and address any other security concerns. The client realizes that her expertise is in coffee and hospitality - she's looking for expert professional guidance in your area of expertise.
