That's quite a question you have there, but let me see if I can't give
you some advice from my own experience.

Firstly, let me say that to fully answer your question a lot of
information is missing, like what exactly you are trying to provide
quality assurance on, and what you are trying to secure. Also, the
way you are setting up this system would need to be known to provide
you with the best answers, but let me try to give you some simple
basics.

If you are hosting the sites and database yourself, on your own
computers, then security becomes a larger issue. If these sites are
going to be mission critical, and you can't afford to hire a good and
experienced IT team, then consider collocating the servers. Major ISPs
offer web-hosting services, with security, monitoring, uptime
guarantees, and patching included. I am not talking about the $6 for
unlimited bandwidth type of web hosting, but something much more
substantial. These can seem to be expensive when you first see them,
but if your company's life depends on them then they can actually be a
fairly cost-effective solution for most people.

If you still want to host the servers yourself then you will need to
be responsible for the work yourself.

On the software side this means a very rigorous patching schedule for
all the computers on your network; at least every two weeks an update
of the operating system would be recommended. Depending on how each
person needs to work with the computers, I would suggest stopping
individual users from installing any software on any PC on the
network. Many users mistakenly install things that they shouldn't,
which opens up security holes on your network.

One key to security is: if you don't need it, don't have it. If the
people using the computers don't need a CD-ROM or floppy drive in
their computer then remove them. Don't just leave them there; it opens
up possible problems.

Software as well should be limited to a what-you-need basis.
Many servers like to run background services, which are not needed by
everybody. Which OS you use, and which server you run,
make it impossible to list all the things to do to secure a
server. There are however plenty of documents on the web that you can
search for that will help to secure your servers, especially if you
run a *nix server.

As for hardware, I highly recommend a higher quality router / gateway
for your Internet connection. Not a cheap generic box. While they are
good for the majority of your network, your interface with the world
needs something more upscale. Again this is a more expensive option,
but a good quality Cisco Router/Gateway will virtually NEVER give you
a problem or downtime, and can be configured on a hardware level to
provide security for your network by blocking unused ports and IPs
that the outside world does not need to get to. These sorts of
features are only available on the higher quality equipment.

Basically, to answer your question as simply as possible, there is no
tool that will do this for you. Security is about policies for the
most part, and keeping everything up to date with patches. Hackers and
intruders are always finding new ways into systems, so you have to
keep ahead of them, and remove anything they might be able to use to
their advantage.

As for Quality Assurance, good equipment and well-maintained
operating systems with no clutter from useless installations of
garbage will keep things running smoothly. You may also want to get a
network-monitoring tool, or make a simple Perl script, that will
monitor special servers. These typically just ping the server to make
sure it is alive; the more advanced versions try to download a file
to verify it is still giving the correct responses. If anything
isn't working correctly then it should send a text message to the
system admin's mobile phone to alert them of problems.

I hope this answers something for you, but as willie pointed out, this
is not a situation where you can just post a question and get a $5
reply that will work for you. Hiring somebody to help design the
system, and help set policies, will pay off in the long run.
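
An added example, not part of the original answer: a sketch of the monitoring script described above, written in Python rather than Perl, that first checks the server is reachable and then downloads a known file and compares its SHA-256 with a recorded value. The function names, the health.txt URL and the alert callback (where a text-message gateway would be plugged in) are assumptions made for illustration.

```python
import hashlib
import http.client
import socket
import urllib.request
from urllib.parse import urlparse

# Talk to the server directly, ignoring any proxy set in the environment.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def check_server(url, expected_sha256, timeout=5.0):
    """Return (ok, reason) for one monitored URL."""
    parsed = urlparse(url)
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    # Step 1, "is it alive": a TCP connect to the service port stands in
    # for ping here, because ICMP needs raw-socket privileges.
    try:
        with socket.create_connection((parsed.hostname, port), timeout=timeout):
            pass
    except OSError as exc:
        return False, f"unreachable: {exc}"
    # Step 2, "is it answering correctly": download a known file and
    # compare its SHA-256 with the value recorded when it was published.
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            body = resp.read()
    except (OSError, http.client.HTTPException) as exc:
        return False, f"fetch failed: {exc}"
    if hashlib.sha256(body).hexdigest() != expected_sha256:
        return False, "content mismatch"
    return True, "ok"


def run_checks(targets, alert=print):
    """Check every target, call alert(message) per failure, return failed names."""
    failed = []
    for name, (url, expected_sha256) in targets.items():
        ok, reason = check_server(url, expected_sha256)
        if not ok:
            failed.append(name)
            alert(f"{name}: {reason}")  # hypothetical hook for an SMS gateway
    return failed


if __name__ == "__main__":
    # Constructed sample target; replace with real servers and recorded hashes.
    sample = {"web": ("http://www.example.invalid/health.txt",
                      hashlib.sha256(b"healthy\n").hexdigest())}
    run_checks(sample)
```

Run it from cron or a scheduler every few minutes; comparing a hash rather than only the HTTP status also catches a server that is up but serving altered content.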