GFI Turn-Around IT Strategy

Turn-around Information Technology Strategy for Global Finance, Inc. (GFI)

Don't use plagiarized sources. Get Your Custom Essay on
GFI Turn-Around IT Strategy Research Paper
Just from $13/Page
Order Essay

GFI’s Authentication Technology and Network Security Issues


Global Finance Inc. offers services in the finance industry. This is a sensitive area of business that requires tight security policies and strategies to be implemented on the network of such an organization. GFI has, however, not given much attention to the IT department, especially, its security and thus the loopholes that exist and have been exploited by black-hat hackers. This is clear from the facts provided that the company’s oracle database has been compromised in terms of availability, confidentiality and the integrity of the data stored. Organizations in the finance industry have the integrity, confidentiality and availability of their databases as one of their biggest assets. A simple mistake or gap on such an organization’s technology policy and implementation may lead to huge losses that may see the organization going out of business. Any business organization that deals in the finance industry requires a strong IT department that is able to come up with strong policies, carefully implement them, monitor them and control any breaches on the system. To function as required and safeguard the assets of an organization, the strong IT department requires a sufficient budget and dedication from the top management.

A number of gaps in the network security and technology strategy of GFI can be identified from the details provided. Below is a discussion on the gaps and how the gaps expose the organization to various risks.

Authentication Technology and Loopholes at GFI

Authentication is a key aspect as far as the protection of information technology assets of an organization is concerned. various forms of authentication are available for use by organizations to keep unauthorized people from accessing the resources of the organization and probably compromising the confidentiality, availability and integrity of the data held in its databases. Some of the most common forms of authentication mechanisms include the use of suitable standard passwords and usernames for users while logging into the systems of an organization to carry out their roles. Biometric authentication is an effective method utilized by some systems to authenticate users into accessing the resources of an organization. Some organizations combine more than one authentication mechanism to improve the security of their assets (Cole et al., 1978).

GFI does not seem to consider authentication as an important aspect in its information technology strategy. Authentication mechanisms of an organization should trickle down from a policy to implementation by an able IT department. Going by the information provided about GFI, the organization does not have a policy of the most appropriate authentication mechanism in ensuring that only authorized individuals access certain resources of the organization. Thus, there is nothing that the IT department is expected to implement as far as authentication mechanisms are concerned. The GFI IT department should take time and design an authentication and accountability policy (Guichard & Apcar, 2001).

The simplest and effective authentication policy can revolve around the nomenclature of user names of the GFI staff combined with passwords of desirable parameters. Unique staff numbers can be used as user IDs when accessing the organizations systems to ensure accountability. In addition to the user names, passwords meeting the desired standards can be used to authenticate the users. Some of the necessary password parameters should revolve around the minimum length of passwords, complexity aspect of passwords, password expiry aspects, lockout durations when wrong passwords are used to access resources, maximum number of wrong password attempts when logging in and a requirement for users to change their passwords upon first logon. Weak authentication mechanisms are a dangerous aspect that exposes systems to black-hat hackers in compromising the resources of an organization (Mark & Lozano, 2010).

Going by the information provided, black-hat hackers have already accessed the resources of GFI and caused a number of undesirable effects. The IT department is said to have witnessed a sudden huge amount of data flowing into the oracle database. Possibly, this could be a denial of service attack launched by malicious attackers. They might have taken advantage of the poor or lack of an authentication policy and strategy by GFI. Social engineering could be one of the methods through which the hackers realized information about lack of authentication mechanisms by the organization as the huge surge of data into the oracle database was experienced after an article was published about GFI. The hackers might have launched brute force attacks using hacking tools such as Kali Linux and managed to get into the system. To prevent such attacks, there has to be a policy on accountability and authentication, specifying the standards of password parameters as mentioned earlier. The policy should then be implemented by the IT department. With the password policy enforced, it will be difficult for the black-hat hackers to launch brute force attacks as they will be locked out of the system after a given number of wrong password attempts (Evans, 2003).

GFI’s Network Security Issues and Recommended Mitigation Measures

GFI has a number of network security issues touching both on its WAN and LAN. To start off, let us focus on the LAN security loop-holes. There is no clear separation between guest broadcast domains and the staff broadcast domains. The information provided points towards the possibility of one being able to connect and access into the organizational network from the Wi-Fi solution implemented by GFI. Malicious individuals can take advantage of this loophole to access the resources of GFI. It is advisable that VLANs be used to establish a clear demarcation between guest networks and staff networks. Probably, the guest network should be set up in a separate VLAN from the staff VLANs. Access rules should then be implemented to prevent traffic from guest networks from flowing into staff VLANs. The range of IPs used in the VLANs should be different from the usual ones. Probably, the only resource that should be accessed by visitors from the organization’s LAN via the guest VLAN is the internet. This can be achieved by using the VLAN strategy and access rules strategy mentioned earlier. An access list should be included in the configuration of the router to prevent the guests from accessing staff resources, but allowing them to access the internet. The range of IPs in the guest network should be included in the set of IPs eligible for network address translation (NAT) and a route configured from the guest network to the internet (Furht, 2010).

To access the GFI LAN, one does not require a standard authentication, going by the information provided. This is a LAN weakness as elaborated earlier. Double authentication strategies are usually suggested for organizations to secure their networks from man-in — the middle attacks and other possible attacks. GFI might be using a WEP password on its wireless local area network or the hotspot might be open. With an open access point, one will be able to easily log into the network and launch possible attacks. With WEP passwords, hackers can crack the passwords using various hack tools and this might lead to access into the whole organization’s network. GFI should consider implementing either WPA or WPA2 password standards in their Wi-Fi access points as passwords with these standards are not easily cracked. The Wi-Fi authentication can be combined with a web-based authentication to protect the GFI network even further (In Kremar et al., 2014).

The distances within which the Wi-Fi access points transmit the signal is of essence when tightening the security of an organization’s network. At GFI, the wireless local area network is strong enough to cover huge distances hence they can be accessed from places outside the organization. This makes it easy for attackers to launch attacks into the GFI network with ease. One does not need to crawl with antennas within the premises of GFI to tap into the network through the broadcasted Wi-Fi signals. Restricting the Wi-Fi signals within the GFI premises could limit the chances of hackers getting into the organization’s network as they could be spotted and stopped on time. However, the ability of the GFI access points to transmit signals over huge distances to premises outside GFI gives the hackers ample time as they can do their hacking comfortably without being spotted. To prevent this, the IT department should configure the access points to broadcast their signals within the premises of GFI. A possible alternative solution could be orienting the antennas to face directions that will prevent signals from leaking to regions outside the GFI premises.

Looking at network security from the WAN section, data flowing through the VPN tunnels established over the internet is not encrypted. If this data is in the form of “http” traffic, it can be trapped used hacking tools such as Cain and Abel. The packets trapped can then be stripped down into both the payload and headers. Some of the packets carry password and username information. This can be obtained once these packets are stripped using the hacking tools. One can then log into the networks using the obtained credentials. GFI should ensure that the traffic transmitted via the VPN links is encrypted using suitable algorithms and keys to prevent man-in-the-middle attacks.

List of Access Points to GFI’s Network

GFI’s network and resources can be accessed from both internal points and external points. Internal points mostly allow staff to access the network and the underlying resources to facilitate day-to-day operations. External access points to the network allow customers, suppliers and other external stakeholders to access GFI’s underlying resources. To elaborate the various access points to the GFI network fully, we divide them into two as shown below

GFI’s Internal Access Points

Internally or from within its premises, GFI’s network and resources can be accessed from the following points.

Wired LAN connection available to the customer service department

Wired LAN connection available to the loans department

Wired LAN connection available to the accounting department

Wired LAN connection available to the credit department

Wired LAN connection available to the finance department

Wired LAN connection available to the management department

From the configuration and possibly network management workstation that is directly connected to the various servers.

Through the Wi-Fi signal that is available within the organizations premises all the six departments can access GFI’s network and underlying resources.

GFI’s External Access Points

GFI’s network and underlying resources can be accessed from outside the official premises from given access areas listed below

It can be accessed through the Wi-Fi signal that is transmitted beyond the perimeter walls of GFI’s premises.

Site- to-site VPN links that connect the various branches to the headquarters

Remote site VPNs that allow non-stationary employees to connect to GFI’s network and access the data stored in the Oracle database.

GFI intends to design and install a cloud computing system that will allow remote customers to access financial services over the internet from servers located at its premises. This is another possible point from which the network of the company can be accessed.

Remote dial-in sites from staff via the VOIP services provided by the PBX.

Designing a Secure Authentication Technology and Network Security for GFI

Authentication Technology Policy

Any control designed in an organization must originate from some policy framework statute. Individuals can never be held accountable for contravening some implemented strategies if these controls have not been documented in approved policies. Thus, the authentication technology that I will design will focus on the policy aspects and implementation of the controls outlined in the policy to safeguard the network and underlying resources from malicious attackers.

I propose a policy that requires all staff to have user accounts with unique usernames and passwords. The staff will use the staff numbers as their user names as they are unique and no staff shares such numbers. This will help GFI determine the activities done by each staff member and hold them accountable in case they contravene any policy requirements. The usernames should be paired with passwords that will ensure the users are authenticated before login into the system. The following aspects should be considered when configuring passwords:

Passwords should have a minimum length of 8 characters

The passwords should contain alphanumeric characters and special characters for complexity purposes.

The users should be prompted by all systems to change their passwords upon first logon into the system.

Users should not be allowed to use past passwords

The passwords should be changed after every 90 days

Users should not write their usernames and passwords on pieces of paper

GFI’s IT department and any outsourced IT function should ensure the above policy is implemented in all the systems used, to ensure the users are properly authenticated. This will be achieved by configuring the password policy parameters in every application accessed by staff, operating system accessed by staff and database accessed by staff.

Still on authentication, my design touches on the authentication mechanisms that should be configured for Wi-Fi and hot spots. The policy should contain a section mentioning WPA or WPA2 as the form of authentication to be used when authenticating users or guests using the wireless local area network. The passwords configured for wireless access points should follow the password policy guidelines. Apart from the normal WPA or WPA2 authentication set on all access points, GFI should include an extra web authentication mechanism. Through the web authentication mechanism, users will be required to have unique usernames and passwords to allow them access GFI’s resources via the wireless local area network. To achieve this control, IT should set up wireless access point controllers and radius servers for authentication purposes. Every other user should be configured with a unique username and password to access the organization’s network from a hot spot.

GFI intends to roll out cloud computing services that will allow their customers access information stored in their servers via the internet. This is a risky affair and it requires a unique type of authentication for purposes of security. Advanced two-factor authentication should be the policy requirement for such services, if GFI’s resources underlying its network are to be secure. The two-factor authentication should be configured for all applications accessed by customers via either the internet or any form of remote connectivity services.

To access the resources of GFI from its branches using site-to-site VPNs, employees should be authenticated. VPN Clients or web applications used to access data remotely from the branches should be configured to prompt users to key in user names and passwords to keep off malicious attackers from breaking into GFI’s network and compromising the underlying resources. Dial-up connections or remote VPN users should also have unique applications installed on their PCs to facilitate the authentication process. The VPN servers and gateways should be configured to prompt users to key in usernames and passwords to allow them access resources via the dial up or remote VPNs (McCabe, 2007).

Network Security Design for GFI

Apart from the authentication methodology designed for GFI above, other aspects of network security need to be addressed by GFI’s IT department to secure its assets. My design focuses on various security aspects that should be implemented by GFI on its network to prevent compromising of data stored in the database in terms of confidentiality, availability and integrity (Shneyderman & Casati, 2003).

VLANS are an important and essential configuration on any network to ensure proper separation of traffic that belongs to different departments for purposes of confidentiality. Unlike the idea of having separate physical subnets or broadcast domains for each department, VLANs are effective and a cheaper alternative. GFI should configure a VLAN for each of its departments and set out unique subnets. Routes to various VLANs from other VLANs should only be configured based on necessity.

Traffic originating from the LAN and going into the internet or remote sites needs to use secure protocols. For instance, HTTP traffic should be barred from going beyond the perimeter router of the organization. Even within the organization, such traffic should not be allowed to flow through the various components of the network. This is because this type of traffic can easily be decrypted once it is captured by tools such as Abel and Cain. Any passwords carried together with such traffic can be obtained by black-hat hackers and used to log into the network resources by such hackers. Telnet should be turned off on all network devices as both telnet traffic and passwords are passed through the internet in plain format without any forms of encryption. In place of telnet, the IT department should configure secure shell (SSH) for any device configurations that may need to be done remotely (Harrington, 2005).

Ports and enabled services are a vulnerability that attackers tend to exploit when trying to get into networks of organization. Each configured port allows devices to listen to a particular service on that particular port. The ports are configured to be either in the closed or open status. Services or ports not used in the organization are a quick point of attack that can be used by black-hat hackers. Only minimal ports providing the necessary services should be opened or turned on. All the other port numbers and services should be closed or turned off. Access lists in the case of Cisco devices or other forms of filtering traffic should be implemented on perimeter devices to ensure traffic trying to use closed ports does not flow into the organizations network.

Intruder detection systems and network monitoring tools should be adopted by GFI to secure its data from malicious attacks. GFI’s IT department should include intruder detection systems at the perimeter of its network. The intruder detection system is usually configured to detect unusual types of traffic such as SQL injection and configuration type of traffic from untrusted sources. Upon detection of such traffic, GFI should configure it to send alerts to appropriate personnel for appropriate action. Thus, if black hat hackers try to SQL inject GFI’s database, an alert should be sent to network management officers who will block any traffic from such sources from getting into the organizations network and carry out further investigation if possible, to catch up with the hackers (Pardoe & Snyder, 2005).

Anti-virus policies and regular updates are of essence on all network devices. GFI’s network and its devices has been a victim of a virus in the past that originated from the internet and corrupted its resources. A common server that updates or triggers anti-virus updates on all the network devices should be installed and configured by GFI IT department. Patches and fixes should be done on a regular basis to ensure GFI is using the most recent versions of applications and other software as old software versions tends to develop loopholes through which attacks can be launched.

Any data that is flowing through the internet or any other third party network into or out of GFI’s network needs to be encrypted and relayed through ‘relay tunnels’. From the information provided, it is clear that GFI does not have traffic moving through the various types of VPNs encrypted. This is risky as the traffic could be captured through man-in-the-middle attacks and used to launch further attacks that will compromise GFI’s data (Harrington, 2005).

Backups and setting up disaster recovery sites is of essence to ensure a business continues with its operations in case of disasters. The data backed up or stored in disaster recovery sites may come in handy when data in the primary sites is compromised by attackers. GFI does not seem to have a DRP site at least from the set of information provided. When GFI’s engineers noted that the integrity, confidentiality and availability of the oracle database had been compromised, they should have stopped any further flow of traffic to that database and redirected the traffic to a disaster recovery site database to ensure the operations continue operating as the process of identifying the source of the data surge goes on. To restore sanity on the data compromised, GFI could equally rely on the data backed-up on offsite media such as tapes. The tapes could be restored for a number of days just before the date of compromising to ensure the integrity, confidentiality and availability of data goal is still met (Ye, 2008).

GFI should also change the usernames and passwords for all network devices from the default set ups to other passwords and usernames to prevent attackers with the knowledge of such default passwords and usernames from exploiting this gap.

WAN Authentication Loop-Holes on GFI’S Network and the Recommended Solution

Wide area networks facilitate connection of distributed LANs. They come in handy when an organization has several branches, suppliers and staff working remotely, and in some cases the adoption of cloud computing. Security implementation in line with WAN connection is of essence as it is one of the loopholes that attackers can exploit in a network. GFI has a number of WAN solutions, including VPNs and the remote PBX dial in used by its staff. GFI is equally out to implement a cloud computing solution to allow its customers to perform transactions remotely. All these WAN connections need to be authenticated remotely using the most appropriate and secure authentication methodology. There are two major types of WAN authentication methodologies that include the Password authentication protocol (PAP) and the Challenge handshake authentication protocol (CHAP). In both cases, an authentication server is included close to the perimeter of a network to receive authentication related information and allow or deny devices from remotely connecting into the LAN in question. In the PAP authentication methodology, there is a pre-shared password between the remote device and the authentication server installed at the network. At the point of need of the remote device to connect to the network, authentication packets containing the pre-shared password are sent to the authentication server via the WAN link between the two devices. Once the authentication packets are received, the authentication server strips them to obtain the pre-shared password. The received pre-shared password is compared with the password stored in the server and if they match, a connection between the LAN and the remote device is established. However, if the two passwords do not match, the remote device is blocked form connecting to the LAN and the underlying assets. PAP authentication is a weak method of WAN authentication as the authentication packets are sent in plain text. Hackers are likely to tap the packets and use the passwords to create their own remote connections (Zhao and Li, 2013).

I propose that GFI implements CHAP as its WAN authentication protocol. CHAP is a stronger authentication protocol as compared to PAP. CHAP also involves the authentication server at the network edge and the remote device that is to access the network. However, in CHAP, apart from the pre-shared password between the remote device and the server, an extra authentication mechanism is involved. The server poses a challenge to the device that intends to connect remotely. The remote device solves the challenge and sends back a solution to the authentication server, a good example of the challenge could revolve around the MAC address of the device. Once the authentication server has received the solution from the remote device, it compares this solution with it is own stored solution. If these solutions match, then the remote device is allowed to connect to the LAN and the underlying resources. Otherwise, the remote device is denied access to the organization’s LAN and the underlying resources. The authentication packets and challenge related information sent during the CHAP authentication process is encrypted, thus making it a secure authentication protocol. GFI should install an authentication server close to the edge of its network and enable the CHAP authentication in both the server and any devices that are meant to connect remotely via any WAN link to the organization’s LAN.

Perimeter Security Loop-Holes on GFI’s Network and Recommended Solutions

The edge of a network and its connectivity to the external networks determines a lot in as far as its security is concerned. Traffic flowing into and out of an organizations network needs to be controlled to ensure the security aspects are well catered for. Organizations should deploy mechanisms of detecting unusual traffic and activities at the edge of their networks to ensure appropriate actions are taken in time when incidents are detected. GFI’s network solution does not seem to have any boarder security solution implemented. There are a number of connections to the outside networks and no mechanism has been put in place to detect unusual activities and respond with appropriate solutions. I recommend that a firewall be installed at the border of the network to control the flow of traffic into and from the GFI LAN network. The firewall should be configured with appropriate access rules to ensure only appropriate traffic from trusted sources flows into and out of GFI’s network. IT should also implement an IDS system at the edge of its network to ensure they receive alerts when there are inappropriate activities and data flow at the edge of the organization’s network. With this strategy, there are low chances of the organization’s network being broken into, and the IT department is able to detect attempts of hacking into GFI’s network by the use of alerts from the IDS system. The network diagram shown below fixes the loopholes that exist on the current GFI’s network and authentication loopholes (Barry, 2013).

Figure 1: A Secure Network Design for GFI

Addressing the CEO’s Concerns in Relation to Remote VPN Access by Mobile Staff

VPN is a WAN link that facilitates connection between two networks that are far apart. VPN is similar to other types of WANs, but it utilizes the internet as the form of connection between the isolated networks or devices. To set up a VPN link between two networks, a tunnel is configured between two edge devices of the networks. Data thus flows through the internet, but in a tunnel that can only be accessed through the edge devices, thus nobody else on the internet is able to trap or see the traffic as it flows through the tunnel. The data being transmitted via the VPN links can further be encrypted to secure it further.

two types of VPN connections are available, the site-to-site VPN and the remote access VPN. The CEO is worried about the security of the data flowing through the internet and being accessed by staff remotely. This is because one can never be sure that it is the staff connecting via the remote VPN and not malicious attackers. To further explain how network and data security will be achieved in the remote VPN connection, below is a diagram showing the VPN structure.

Figure 2: A VPN Structure Diagram

Remote staff device

Connection to the internet

Connection to the internet


Server connection to GFI’s corporate LAN

VPN server at GFI premises

The remote connection VPN shown above explains how GFI IT department should set out its connection for GFI staff who will be working remotely with an intention to access the corporate LAN and the underlying resources. Both the laptop used by a staff member from a remote area and the edge server require a connection to the internet as VPN transmits over the internet. A tunnel is established over the internet by configuring the VPN server to authenticate remote device before allowing them to access the corporate LAN. A VPN client, for instance, a Cisco VPN client application is installed on the staff member’s device. At the VPN server, the MAC address of the staff device and their login credentials are captured and stored in an authentication database. When there is need by staff to connect to the corporate LAN remotely, they simply start up their VPN client application. They are then asked to key-in unique usernames and passwords. The VPN server confirms what is keyed-in by the staff member against the login credentials in the VPN security database sitting on it (Camison, 2009).

Once a match is obtained, the server again checks the MAC address of the device logging in against the MAC addresses stored on its authentication database. If there is a match, then the server opens a connection between this staff device and the corporate LAN. If any of the above authentication procedures fail, then the remote login is not allowed to connect to the corporate LAN. This will ensure that only devices owned by GFI and whose MAC addresses have been captured in the authentication database sitting on the VPN server access the corporate LAN via the VPN link. Also, users have to be configured with unique usernames and passwords to ensure accountability. Further, the traffic flowing through the configured tunnel is encrypted, thus the organization will be free from unauthorized access, if the above design is implemented by the GFI IT department (Krutz & Vines, 2010).

A Secure Cloud Computing Design for GFI

Allowing customers to access GFI’s network by the use of cloud computing technology will expose GFI’s network and underlying databases to security breaches or risks. However, if proper implementation is done, the GFI management will have nothing to worry about. My design is an example of a proper implementation of the cloud computing technology by GFI. The design is as elaborated below;

Components and Requirements that GFI will Need to Establish the Cloud Computing Technology

A server on which the online transaction processing server will sit

The online processing application

A tab configured on the GFI’s website to allow customers to connect to the online application

A strong internet connection

An edge firewall between the online application database and the internet.

An intruder detection system or device between the firewall and the internet.

A strong internet link to the online application database via the IDS and firewall.

Figure 3: A Secure Cloud Computing Design Diagram for GFICustomer accessing online application via GFI’s website tab


Intruder detection device

To an isolated traffic monitoring device


Online application server

To organizations core system database

Design Theory and Elaboration of GFI’s Secure Cloud Computing Environment

The customers will need to access the online application server hosted on GFI’s LAN via the internet. The server and the setup can be managed by a service provider and a connection established between the online application server and the core business system of GFI. The customers will access the online application database and perform transactions via an online tab available via its website. The server will need to store three authentication items for each of the customers on its database. For instance, the database can be coded to throw a random question regarding the customer information held in the database to the customer trying to log in once they have provided the correct username and password.

The firewall installed between the online application server and the internet is meant to prevent some types of traffic from flowing to the server. For instance, any traffic related to server configuration should not be allowed to flow from the internet to the server as this might compromise the data held in the server’s database. The intruder detection device plays the role of detecting abnormal types of traffic e.g. SQL injection related traffic and alerting the network and security monitoring team. The alerts sent to the network monitoring and security team depends on the rules configured on the intruder detection device. The customers should be alerted on security related issues on the home pages of their accounts to ensure they take precaution while using the service. The rights of the customers should be limited to transaction-based activities and limits on the amounts that can be transacted via the online platform should be put in place to mitigate any possible losses in case the customer’s accounts are accessed by inappropriate people. No configuration or super-user rights should be mapped to the customer account profile.


GFI has previously outsourced its IT services and managed to save up to 40% of its technology related costs. However, it is clear that the company’s major business assets have been affected in a number of ways. The Oracle database, which is the major asset of the business in terms of data, has been compromised as black-hat hackers have previously managed to get into the system and interfered with its integrity, confidentiality and availability. Compromising the data of a business like GFI will see it lose a lot of money in terms of loans cleared from their systems without being repaid, inappropriate transfer of funds from one client account to another or possibly a total mess up of the financial data set held in the oracle database. If this occurs, GFI will lose sanity in terms of business as there will be no clear direction in terms of the financial services offered by the organization. Having a strong IT department tasked with the roles of securing the organization’s network, designing and implementing policies and coming up with business continuity strategies will go a long way as far as ensuring sanity in GFI’s business is concerned. Yes, GFI will incur some extra cost, but the long-term returns are worth it. Bring Your Own Device (BOYD) is one of the factors that has kept the CEO of GFI worried as this could hugely compromise the network and the underlying data assets. The designed network addresses his concerns as it ensures that any device that does not belong to GFI access limited resources. IT needs to implement the network design and ensure the policies explained as part of the design are properly implemented.


Barry, D. K. (2013). Web services, service-oriented architectures, and cloud computing. San Francisco, Calif: Morgan Kaufmann.

Camison, C. (2009). Connectivity and knowledge management in virtual organizations:

Cole, G. D., Branstad, D. K., & Institute for Computer Sciences and Technology. (1978).

Design alternatives for computer network security. Washington: The Bureau.

computing. Indianapolis, Ind: Wiley Pub.

Evans, S., & Institution of Electrical Engineers. (2003). Telecommunications network modelling, planning and design. London: Institution of Electrical Engineers.

Furht, B., & Escalante, A. (2010). Handbook of cloud computing. New York: Springer generation wireless systems. Indianapolis, Ind: J. Wiley.

Guichard, J., Pepelnjak, I., & Apcar, J. (2001). MPLS and VPN architectures. Indianapolis,

Harrington, J. L. (2005). Network security: A practical approach. Amsterdam: Elsevier.

In Krcmar, H., In Reussner, R., & In Rumpe, B. (2014). Trusted cloud computing.

IN: Cisco Press.

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud

Marks, E. A., & Lozano, B. (2010). Executive’s guide to cloud computing. Hoboken, N.J:


McCabe, J. D. (1998). Practical computer network analysis and design. San Francisco, Calif:

Morgan Kaufmann Publishers. Networking and developing interactive communications. Hershey, PA: Information Science Reference.

Pardoe, T. D., & Snyder, G. (2005). Network security. Clifton Park, N.Y. [u.a.: Thomson.

Shneyderman, A., & Casati, A. (2003). Mobile VPN: Delivering advanced services in next

Ye, N. (2008). Secure computer and network systems: Modeling, analysis and design.

Chichester, England: J. Wiley & Sons.

Zhao, H., & Li, X. (2013). Resource Management in Utility and Cloud Computing.

Dordrecht: Springer.