Question

Part 2 Chapter 3 page 127, Problem 1: Network Access Control Problem Description Ajax Automotive services retail automotive centers the east coast by supplying them with quality car and truck parts such as brake pads, oil filters, water pumps, etc. The company’s 123 sales representatives work exclusively in the field visiting client company locations and submitting sales orders from laptop computers via an internet connection to the corporate offices in Delaware. All of Ajax’s sales orders are received in this manner. Customer account, sales history, inventory, and cash receipts records are stored on a central server at the corporate site. Customers are billed digitally from the corporate office on a net 30 basis. Required Briefly outline the access controls that would be appropriate for this situation. Explain why these controls are necessary? Your response must include the following terms: Data encryption techniques, digital signature control, encryption, onetime password system, firewalls and intrusion prevention software, virus protection software and various network control devises such as message sequencing numbers.

Answer 1

The goal of access control is to minimize the risk of unauthorized access to physical and logical system. Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data. In this situation Ajax’s sales representatives are working in deferent places and communicating from laptop to corporate office. For Ajax’s working situation access control is very important as its sales representative are placing orders and billing to customer are taking places through network via laptops. Working through internet should be given extra care of security as it can leak sensitive information of the company.

To control the access of only authorized personnel an appropriate access control must be placed in organization. To control unauthorized access data encryption technique should be placed as it can help to keep secure data by encryption as people with decryption key only access the data. Digital signature should also help to control the access of information and only authentic information/data can be access. One time password should also be incorporated in system so that one time access facility provided for a transaction/information. By implementing this unauthorized access will be eliminated as only authorized person will get onetime password. To protect laptops and other devices from viruses and other malwares firewalls and intrusion prevention software, virus protection software and virus network control devices should be incorporated and implemented in the organization to control the access in this type of working situation.