Call Center Security SECTION 1 Introduction: One of the functions a company should perform when setting up a network is to look at their internal and external threats using the SWOT analysis. This analysis will allow the organization to assess threats to its business, personnel environment and devices used in their everyday operations. We looked at a number of factors including our network and the security measures we have into that network The first method we used in compiling this report was to look at a SWOT analysis which looks at the strengths, weaknesses, opportunities, and threats that may affect our daily operations.
This SWOT analysis looks at any internal and external factors that threaten the Call Center and to look at these factors so we can develop a plan on how to effectively deal with such threats. For clarification the influences that are associated with this Call Center deal with network and devices attached to the network, personnel, and environment. Internal Factors – these factors deal with the strengths and weaknesses of the various influences associated with our Call Center. (For example devices, personnel, and training) External factors – these factors deal with the threats of the various influences from outside the Call Center.
SECTION 2 Call Center review Environment: We looked at the environment in which the employees were working in and looking at securing this environment. One factor we did find was that the floor of the 911 Call Center may pose a problem with our network. In many of the 911 Centers around the country it has been noted that static electricity has caused some problems in these Centers. Flooring in the work area should be grounded and carpets and rubber type flooring should be avoided. The security of the work area was then looked at, we are going to use HID’s Physical Access Control Solutions with a Smart Card.
After doing some research we found that HID Global was the leader in this technology and is in compliance with the Federal Identity Compliance Initiative set out by the Department of Homeland Security. There readers use EAL5+ Secure Element hardware which is highly tamper-proof protection keys and cards. The biometric smart card will be able to be upgraded to PIV protocols set forth by Special Publication 800-116. After looking over this product it was hard to find any other product that compared to it or surpassed what it could do. Strength – HID Physical Control Access with biometric smart card to secure the working environment * Weaknesses – Flooring that might cause the buildup of static electricity and cause loss of data due to unshielded microcircuits * Opportunities – None identified * Threats – Static electricity that may cause computers to lose data. Recommendations: Prior to completing and moving in to this Call Center we look at the flooring and the computers to find if static electricity could be a problem and get the flooring grounded according to other Call Centers specifications. Please refer to the following website: http://www. taticworx. com/articles/curing_static_article. php ARJIS: Since our Call Center is dealing with multiple agencies, police, fire, and EMS, we looked at California’s Automated Regional Justice Information System, as a basis for our policies and the sharing of information. We found that this was a secure and efficient way of sharing information among all agencies. Network and peripherals: The next and biggest challenge to our analysis was looking at the network and peripherals that we want to use in our daily operations and in our mobile units. We looked at the equipment our Call Center was planning on implementing in our Call Center.
We looked at the possibility of the computers in question and how well they could with stand internet attacks from Trojans, worms, and viruses. SonicWall TZ-210 VPN Appliance: Upon researching this firewall we find this product to be highly secure, it offers a unified threat management that includes gateway malware control, intrusion prevention and content filtering. It has Wi-Fi support and is able to handle LAN and WAN connections. It comes with built in load balancing and able to handle virus, worm and Trojan intrusions in a multi-layer configuration.
It has 7 ports the two main ports are in gigabytes whereas the other five ports can only operate at 10/100MPBS only. The only noted problem with this application is that it does not inspect SSL – encrypted traffic and the use of a secondary antivirus program may be needed. We did find that it comes with a Total Secure package that can handle everything except spamware in this package. Reverse Proxy Server: Using the reverse proxy server is an excellent idea and it offers the user many advantages like encryption/SSL acceleration, load balancing, compression to speed load time, and security.
The only threat we found with using a reverse proxy server is that extranet publishing could expose the rest of our infrastructure from attacks from the internet. CIRA GPS: We researched this product and find that it is a very secure product. We could not find any threats associated with using this product with our Dual SSID’s and the only recommendation we could find is to ensure that WPA2 encryption is available in the product as it is the most secure encryption available.
HP DL380 G7 server: Once again doing research on this server we found that it was an excellent server that offers a lot of protection to our network. We could not find any threats that we could identify as being a problem with using this product. * Strengths – After exhausting research we found that our network and its peripherals are very secure and are of the most up to date products available on the market. * Weaknesses – SonicWall TZ 210 firewall may need another antiviral, spamware program installed to ensure the integrity and security of our infrastructure. Opportunities – If using CIRA GPS without the WPA2 security then there may be an opportunity for outside intrusions. It is important that this application be available in the product purchased. * Threats – There could be a threat from the using a reverse proxy server if facing the internet and the server is behind a firewall, it is recommended that this be investigated for this possibility. Employees: One of the threats we should look at is the possibility of an internal threat from our employees.
The most common internal threat is from employees that may be doing every day work, or during down time conduct other personal business on company time. Unauthorized usage: This category covers ex-employees as well as current employees that use the companies computers for other activities for which the company is not allow or sanction. Some employees may use the computer to buy things off the internet while at work; the most common use is EBay purchases. There is a host of other sites, such as pornographic sites and music sites that employees may conduct business with while at work.
Enable to catch these unauthorized uses our company should regularly employ an outside agency to perform an audit of activities to find the personnel responsible for such acts. Remote access: This category covers employees that may have good intentions but leave a big hole in the security of our computers. Sometime people may think that taking work home with them is okay and is not a violation of the rules. The employee installs a program which allows them to work on business documents at home, this program although not illegal may open holes for malware and one of the biggest external threats hackers.
Once these threats get into a computer they can be very expensive to get rid of and may compromise the company’s integrity. External Threats: These are threats that originate from outside the organization and may be hard to detect or counter, especially if there are holes in the security of the network. Hackers these people are probably one of the greatest threat to our network as they can find holes in our security and hack into our computers and find information about our business and the dealings we have with other companies.
These hackers, if professional enough can gain information that may be used by our competitors to undermine our business and wind up losing contracts or business. These hackers can cause a DDoS and cause problems with our Call Center. The other ways that hackers are able to get into a network is by doing what is called a port scan. This is done by searching for any open port by sending out a given address. Eavesdropping; this is done by looking for certain packets that are designed for a particular port and is a favorite of hackers.
SECTION 3 In Conclusion Summary: We find that after doing our SWOT analysis that we found very little threats to the security of our Call Center. One of the threats identified is static electricity which is easily fixed by ensuring we have the right flooring installed into the Call Center and that such flooring is able to be grounded. The only other threat is that a reverse proxy server facing the internet and having the servers behind the firewall could be a problem as the web application would be open to attack from the internet.
We looked at the major components of our network and peripherals and since they were of such high standards we did research on our switches and relays and found them to be of the same quality and no real threats were identified. As for the personnel that will be working in our Call Center we could not find any information on what their qualifications need to be or security levels each employee will need. It is the hope that the same high standards will apply to them as has been applied to our network and peripherals along with the high regards for security.