CASE STUDY: BUZZCORP
BuzzCorp is a growing IT company that specializes in computer graphics for Fortune 100 companies. BuzzCorp has quickly grown to become one of the largest video-editing services for the northeastern United States. As one of the industry's top companies, BuzzCorp is committed to leading with the best talent, technology, and groundbreaking ideas in order to provide their clients with the best possible products.
Wireless Setup
The BuzzCorp office has a large executive conference room that the company currently uses for meetings. To enhance productivity, the company has decided to deploy a wireless network in the conference room to allow clients and employees to share files and connect to the Internet easily. The plan is to place a single wireless access point in the conference room and allow for Internet access through the company's existing Internet connection.
Wireless Risks and Security Controls
The management of BuzzCorp is aware of the risks associated with providing wireless connectivity in the conference room and the potential security issues that may arise from allowing guests and clients to use this network. These concerns include unauthorized use of the wireless network, the ability to leverage this connection to gain access to the corporate network, and the increased trust given to connections that originate from behind the main corporate firewall in the demilitarized zone (DMZ). Because of these concerns, the IT manager has mandated that several security controls be implemented prior to deploying the wireless network.
To protect the confidentiality of user's data in transit and to limit access to the wireless network to authorized BuzzCorp employees, corporate guests, and clients, the wireless network will be secured using WPA with a pre-shared key. Due to the open nature of the conference room and the diverse range of people who will require access to the wireless network, BuzzCorp IT has decided to distribute the encryption key freely but limit its use by rotating passphrases every month. The wireless access point routes traffic into the corporate DMZ and then out through the Internet. Employees who want to access the corporate network from the wireless network must utilize the BuzzCorp VPN. This configuration provides Internet access for wireless users but also protects the organization by requiring additional authentication to access the BuzzCorp network. Extra firewall rules have been added to the DMZ firewall and main corporate border firewall to limit traffic from the wireless network to only the Internet and the corporate VPN server. Additionally, all users who connect to the wireless network must agree to adhere to corporate information security policies, which lay the groundwork for policies such as acceptable use and privacy expectations when using BuzzCorp's IT resources.
BuzzCorp's IT management believes that these controls will be sufficient to reduce the risk to an acceptable level for the organization while providing wireless access in the conference room.