
Globex Corporation Case Study
Globex Corporation was founded in 2013 by the merger of two large regional business, Riverina Precision Farming, and B T & Sons Farming Equipment. Globex Corp is located in Wagga Wagga, NSW. Within Globex there are two arms to the business, Globex Farm Equipment, and Globex Precision Farming.
Globex Farm Equipment
The Globex Farm Equipment team has over 30 years of experience in agricultural business and are the largest in the Riverina region due to their vast inventory, years of experience and most importantly their commitment to serving farmers for the future. Globex Farm Equipment Sales, Parts and Service representatives have completed training on the newest technologies and are experts at helping famers plan for the future. They stock a wide range of new and used equipment enabling their customers a wide selection of units to choose from and with warehouses full of parts inventory they can promptly get the parts to meet customers need.
Globex Precision Farming
Globex Precision Farming solutions (formerly Riverina Precision Farming) enhance the efficiency of farming, so that farmers can quickly and easily improve everyday planning, decision-making and overall strategy for their operations. Globex Precision Farming integrates a wide range of positioning technologies including GPS, laser, optical and inertial technologies with application software, wireless communications, and services to provide complete commercial solutions. Its integrated solutions allow customers to collect, manage and analyze complex information faster and easier, making them more productive, efficient and profitable.
The company has a total of 23 staff, who include management, accounting, human resource, administration, marketing & sales, farming consultants, and IT sys admin staff. The company consists of the following staff:
- Management (2 staff)
- Accounting (1 staff)
- Human resource (1 staff)
- Administration (6 staff)
- Marketing & Sales (5 staff)
- Farming Consultants (4 staff)
- IT Systems Administration (4 staff)
The company has dedicated IT systems administration staff on site that are responsible for the management of networking and server infrastructure, but they are usually called upon to assist with other administrative tasks for the company. Effective systems administration is somewhat hampered by the fact that the administrative passwords are generally well- known across the company. Globex Corp employees enjoy free, open, unrestricted access to the Internet, but realistically they only need to access certain websites on the Internet.
Company management would like to minimize the cost of accessing web resources.
Infrastructure
The company has a mixture of some newer and some relatively old PCs used as staff terminals. The company also has 5 MacBook laptops running OS X, which are mainly used by the sales staff.
The company uses several servers to conduct its core business.
- 1 x Active Directory domain controllers on Windows Server 2008 R2;
- 2 x SQL Server 2003 database server on Windows Server 2003;
- 2 x Windows Server 2003 File and Print servers;
- 1 x Exchange 2007 email server on Windows Server 2008 R2;
Each of these servers are independent machines with relatively vanilla installs of their respective operating systems. The servers are not running the latest operating systems, nor have they been recently patched. All servers have publicly accessible IP addresses and hence can be accessed from the Internet.
Apart from the 2 x SQL 2003 database servers (Core i5 + 16GB), all other servers are commodity x86 servers that have been purchased as required. There are no maintenance contracts on either the hardware or any installed software. Most of the servers and desktops are over five years old.
Services and Data
The servers store the following;
- User home directories;
- Mail;
- Active Directory Meta Data Object;
- Farm Equipment data directories;
- Precision Farming data directories;
- Corporate finance and personnel data;
- Web page data;
- Customer data;
- Market intelligence and strategic planning data;
Most services are only used within the company, however the company does have an internet presence via its web pages and mail server. Some of the Farming consultants also work from home in the evenings and access some services from their home workstations, tablets or mobile devices. Disks in the servers have not been setup for redundancy or fail over. In the event of a server diskloss, all data on the disk is lost and the service associated with it fails.
The most important data to the company, in order of importance, is:
- Corporate finance data
- Precision farming data directories,
- Farming equipment data directories,
- Strategic planning data
- Customer planning data,
- Personnel data,
- Web page data,
- Email,
The management of Globex insist that the integrity of this data must always be preserved.
Administration
The company does not have a clear patching and update policy. As a result, most servers and desktops are patched on an ad-hoc basis and as time, and operations, permit.
Most of the staff in the company knows the administration passwords for the servers and desktops. It should be noted that all users have accounts on the mail, database and database servers.
The administration of the servers tends to be haphazard. There are often storage issues with storage as disks fill up regularly. There are a lot of active but unused accounts for users who havenow left the company. The company is dependent on its servers for continued access to services,but there are no monitoring systems in place.
Security
The company does not have a firewall or any other security system in place. Currently all services offered by the servers are accessible via the Internet. All servers, and most desktops have a basic anti-virus system in place, but it has not been updated recently.
There is no anti-virus on the MacBooks as the company has been told that MacBooks
“don’t get viruses”. There is no overall email virus protection in the company.
External hackers have compromised some desktop machines in the past. The company’s sys admin staff think that their servers have been attacked at least 4 or 5 times in the past 12 months. The administrators are reasonably confident that the servers have not been compromised. That said, when a machine is compromised; the administrators merely disable the hack and continue to allow the machine to be used. Most compromises are noticed too late, i.e. well after the hack has occurred. The sys admin staff have found some strange code packages on some of their servers, but have just deleted them in most cases. If the packages were found again they have assumed that they are part of the operating system and have been downloaded again by the server’s operating system.
Backup and Disaster Recovery
The sys admin staff back up the data directories each week to a portable USB drive. This drive is givento the CEO who takes it home. Backups have often been missed because the CEO has either forgotten to bring the disk back to the office, or he has gone away and the disk cannot be accessed.
The company does not have any formal backup or disaster recovery systems/ procedures.
Network and Physical Location
The servers and core network infrastructure are located in an unlocked room next to the common workspace of the company. In addition, the servers are on the same networks as user workstations and there is no network security. The company is connected to the Internet via an NBN connection.
Individual Workstations & Passwords
Each employee has a desktop computer. Most of the computers are running a vanilla install of Windows 7 Enterprise that, in most cases, has not been patched since install. Employees often keep corporate data on these desktops in their home directory, which is not backed up.
In addition to this everyone has administrator privileges to their workstation. As the environment is relaxed, a user can have accounts on other employee computers possibly using the same or different password.
The company has no hard and fast rules about passwords; in fact the most common password used is the person’s name. These passwords are also indicative of the passwords that are used onthe servers.
Management approach
The senior management of Globex Corp is convinced that the company is too small to be a cyber-security target. The CEO believes that the company is better off spending money on marketing and sales rather on security because “it is a problem that won’t happen to us”. He is reluctant to spend money on upgrading either ICT equipment or security because he does not see any value in it andgenerally regards security as “being excessive”.
Management uses a local PC shop in Wagga Wagga to do all repairs and upgrades when they are required. ICT equipment is normally purchased based on the best price that can be obtained from large local retailers, such as Harvey Norman, The Good Guys or Officeworks, but some servers were purchased online and shipped to the company from overseas.
There are no formal onboarding and off boarding processes in the organization. There is no policy framework in the organization.

Get expert help for Globex Corporation Case Study and many more. 24X7 help, plag free solution. Order online now!