Layering Protection Exercise

Jill & Roy's Accounting - Case Study

You should be familiar with this case study from an earlier lesson. We'll be reusing it throughout this one.
Jill and Roy provide accounting services throughout their area. They employ 7 full-time workers: 4 accountants, 1 office administrator, and themselves. They also have about a dozen seasonal workers during tax season.

They use Microsoft 365 (aka Office 365) for all of their office applications (email, word processing, spreadsheets, etc.). For their accounting, they use Intuit's Quickbooks and ProConnect online versions. They have a single office with a network router to their ISP, a Linksys LGS116P Ethernet Switch and a Linksys AC1900 WiFi Router.

The full-time accountants each have a Lenovo ThinkPad T490 and the office administrator has a Lenovo desktop. All company workstation computers use Windows 10, Google Chrome for their standard web browser, and all users have administrator access on their PC. They also have one internal Windows 10 Lenovo desktop that they use as a centralized print and file server that sits in the main office area. Only Roy, Jill, and the office admin have an account on it. They recently allowed Remote Desktop Protocol (RDP) into it to allow employees to access files from home. The temporary workers use their own laptops, which are a mixture of Windows and Macs.

The office has a Bring Your Own Device (BYOD) Policy for all cell phones (a mix of Apple iPhones and Android). They have a contract with a local IT company to provide services, which includes a weekly backup of the file/print server, monthly updating of all computers, and maintenance of the network equipment.

Answer the questions below based on this case study.

QUIZ QUESTION::

Match the Layer with the technology used by Jill & Roys.

ANSWER CHOICES:

Quickbooks

Linksys Ethernet Switch

iPhone and Android smartphones

Microsoft Windows 10

Employees

Personally Identifiable Tax Information

Layer	Asset
Application
Operating System
Network
Mobile
Human
Data

SOLUTION:

Layer	Asset
Application	Quickbooks
Network	Linksys Ethernet Switch
Mobile	iPhone and Android smartphones
Operating System	Microsoft Windows 10
Human	Employees
Data	Personally Identifiable Tax Information

From the Center for Internet Security Benchmark website, select the benchmarks that you think apply to Jill & Roys.

Debian Linux

Microsoft Office

Microsoft Windows Desktop

Print Devices

Apache Tomcat

Google Chrome

SOLUTION:

• Microsoft Office
• Microsoft Windows Desktop
• Print Devices
• Google Chrome

QUESTION:

Based on what you've learned so far, provide 1-2 sentences to Jill & Roy about how they are layering security and any potential recommendations. You'll build on this in future lessons.

ANSWER:

Jill & Roys have a satisfactory layering of security by using a network switch as their firewall and by using cloud services for many of their applications. Most of their critical data is stored in the Intuit cloud.

By opening their Windows 10 File Server to the Internet, they are potentially by-passing the layering and allowing direct access into their work environment.