The new Exam Company, which will specialize in hosting online examinations, has just hired you to be the network administrator responsible for all network platforms and services. The data network will be located in a single data center. The Chief Security Officer (CSO) has asked you to provide a basic network security plan that would provide critical internal network security controls, including a secure means for delivering examinations via the Internet.
When considering the solution to this problem, it is important that this company has all of its systems protected with a firewall and antivirus, but it is also important that the firewall does not block the person trying to gain access to the test, because they are supposed to take it. The security needs to have a filtering ability that can identify the person and decide whether that person is allowed. There needs to be a way to authenticate the other person's identity, so there needs to be a login system with a username and password (this is saved internally in the Exam Company system, so the storage of this information must be encrypted against attackers). Overall, the company must have a backup of the username and password information that it stores. When the person taking the exam logs in, there should be another system to make sure that it is really them, and the best method to ensure this is the two-step authentication process, which means that either their email or their phone that is in the system file would get a code that they enter to log in and that would expire after a certain time period.
Since the whole data network will be located in a single data center that is probably limited, their network system should set up an access control list with rules. The source IP address (the person taking the exam) would pass through the SPI, and the packet will be inspected; if it passes the rules, then it will be able to reach its specific destination server. Any packet that is not allowed to connect would be dropped and logged by the system.
For the examination to be secure and delivered through the Internet, there needs to be a way to authenticate the examiner's identity, so there needs to be a login system with a username and password that is saved internally in the Exam Company system, which means that this information needs to be encrypted against attackers.