Words: 3060
The proposals that have been put into place cover such areas as: access control methods, authentication, user’s accounts and swords, cryptography, remote access, network attack mitigation, mallard and device vulnerabilities, and web and e-mail attack mitigation. These proposals when combined together help form an entire security policy for EX. Inc. To use in order to protect all company assets. Access control methods are a process that determines what services or company resources an employee has access to.
These methods will be used to determine what an employee can and cannot access, as well as ways to make sure that all employees are being granted the correct access levels. Authentication is a process of determining whether someone or something is who or what they say they are. Authentication can be a form of determining whether an employee is actually the person that they say they are. Employees can be authenticated by being able to answer personal questions that only they would know or by providing a surname and password that only the employee knows.
User accounts and passwords provide a level of authentication for employees and is what allows these employees to gain access to a company computer or the ability to log in to a company server or other resource. Each employee should be given a unique surname that is different from every other employee, and each employee should create a complex password that is associated with their surname. The employee should never give out their password to anyone else, and policies should be in place that requires the employee to change the password every so often.
Cryptography provides various ways of transferring plaintext data from one device to another in an encrypted form. It also provides a way of decrypting that data at the destination device back into a plaintext. Cryptography provides a way to transfer data room one device to another and makes sure that the data is unable to be stolen or tampered with in any way. A remote access policy will allow employees to access the company network and its resources when they are not physically present at their work computer.
This type of policy is beneficial for employees who have the ability to work from home or who travel regularly for work. Employees with these abilities are able to log in remotely trot outside the company network and access the resources contained within the network Just as if they were working from the office. The network attack mitigation proposal will allow EX. Inc. O be focused on securing their company network as well documenting and detecting intruders on the network. These goals can be accomplished through the use of security zones, firewalls, and intrusion detection systems.
In order to protect against mallard and device vulnerabilities, a proposal has been put into place that contain policies and procedures that concern mallard protection from viruses and spare, password protection, and hardening. All these policies and procedures that will be put into place will help safeguard the company’s network as well as devices and end user systems that are attached to the network. In order to provide protection for the company’s e-mail system, one main concern needs to be made against preventing spam and pashing attacks.
Spam email is causing employee’s to spend countless hours each day Just cleaning their inbox of these useless emails. These countless each spent each day could be better spent by the employee’s actually doing their Jobs instead of cleaning out their email. Consolidation of all Proposals from Critical Thinking Assignment’s In essence access control is a process that determines what services or company resources an employee has access too. Access control is used in determining whether or not to grant or deny access to these resources or services to an employee, group of employees or to an entire department.
There are four commonly used types of access control methods; however for a smaller company without many employees at this point in time Discretionary Access Control (DACCA) would be good starting point for EX. Inc. Discretionary access control allows the owner of the service or resource to determine who is granted and who is denied access to certain resources. The owner of each resource and service will be given full authority on granting and eying permissions over what they have ownership of. EX. Inc. Does need to make sure that it does not make Just one employee the owner of every resource and service.
This is done in order to make sure that one potential bad employee doesn’t harm the entire company’s information security network with malicious acts. In regards to user accounts and passwords, a few steps should be taken in order to safeguard company information and protect company data. Each individual employee should be given a unique surname that will be used as part of the employee’s network log on. Each unique surname will then be used by the IT apartment and DACCA owner’s in order to grant and/or deny permission’s.
By having unique user names for each employee, the owners of the resources and services will be able to grant certain employee’s permission and deny other employee’s permission to each resource and service. Each employee should also be required to set up a password that only they know, that will be used with the surname in order to log the user onto the network. In order to make sure that the passwords are safe, each password will be required to be at least eight character’s in length, require one per case letter and one special character such as #, $, %, &, *, etc…
After initially setting up the password, there will be account lockout restrictions in place to safeguard against potential attacks. An account lockout threshold of 3 failed log on attempts will be in place, after which the account will be locked out and the employee will need to contact the IT department to nave the account unlocked O step to consider for the future if the company continues to expand is to put account restrictions into place that limit the day and times that employees are allowed to access the network.
In order to make sure that all files are encrypted and kept confidential, EX. Inc. Should use asymmetric encryption. Asymmetric encryption “uses two keys that are mathematically related. Both keys when paired together are called the key pair” (Tautest, 2013, section 2. 4. 2, Para. 1). Asymmetric encryption uses a public key that is available to all users and a private key that is secret and only known by one user. The benefit to Z”‘ Inc. By using asymmetric encryption is through the use of the private key.
Since only one user knows the private key, in order to encrypt and crypt a file the private key is needed either by the sender or the recipient of a file. Without the key pair between the two users, the file cannot be encrypted or decrypted. If an unintended user were to receive the file, without the private or public key they would not be able to read the file. In order for EX. Inc. To provide this remote access to their employee’s, the first thing that needs to be implemented is a remote access server.
This server will be installed within the company’s network and is used to allow remote access connections between the remote computer and the internal network resources. Once the remote access server has been configured and installed on the company’s internal network, the first step to using the remote access service is to establish a connection between the end user’s client computer and the remote access server. “The connection process includes establishing the physical connection along with agreeing on communication parameters” (Tautest, 2013, section 3. 6. 2, Para. ). As far as the connection between the client and the remote access server, there are two different types of connections that can be used; a dialup injection between the client and remote access server or a virtual private network (VPN) that uses high speed internet connection. In order to determine which of these will work best, EX. Inc. Needs to determine what types of connections the end users will be using to connect to the remote server. Will the end users be using a dialup connection or some type of high speed connection such as DSL, broadband or wireless?
Since a majority of our employees have access to high speed internet at home and most hotels now offer high speed internet to our employees who will traveling, EX. Inc. Should use the virtual private network connection. The virtual private network will use the remote access implementation which places the remote access server on the edge of the company’s internal network and allows the server to accept connections from each computer that is trying to make the connection.
After making the initial connection between the remote client computer and the remote access server, an authentication protocol will be in place in order for the remote computer to provide its identity to the remote access server. This protocol will be agreed upon between the remote computer and the remote access server during the connection hash of implementing remote access. There are quite a few different authentication protocols that can be used with remote access; however I recommend EX. Inc. Use the challenge handshake authentication protocol (CHAP).
The main reason that I recommend the challenge handshake authentication protocol is because it ensures that the exact same client and server that initially made the connection remain connected throughout the remote access session. This protocol handles this by randomly and repeatedly re-authenticating the client computer and remote access server. The first thing that EX. Inc. Household consider in order to protect their company websites and networks is the use of security zones. “Security zones are portions of the network or system that have specific security concerns or requirements” (Tautest, 2013, section 5. . 2, Para. 1). Security zones can be used to separate certain devices on network that require the same type of security access and protection. Some common types of security zones that AMP and EX. Inc. Should consider using are intranets which are private local area networks that allow only company employee’s access to servers that are placed inside the intranet. Both companies should also consider setting up an extranet which is a private network that allows outside access to the servers and resources to customers, suppliers and other vendors.
Another consideration would be to use a demoralized zone (DMZ) as an extra layer of security between the public internet and the company’s private internal networks. With a demoralized zone, any type of resource that needs to be accessed from outside the company network is placed inside this zone. Examples of these types of resources would be web servers, ftp servers, and email servers. Also with the demoralized one, there is a router with packet filtering software that allows outside traffic into the demoralized zone and restricts outside traffic from gaining access to the private network.
One of the best ways that EX. Inc. Can provide security to their company networks is through the use of firewalls. Firewalls can be standalone devices or devices with software built into them that inspect and then either allow or deny traffic onto the network. Firewalls can either be network-based or host-based depending on the type of security that is needed. For both companies, I would recommend using a network- eased firewall, which will inspect all traffic that travels between networks.
A good place to install the network-based firewall would be on the outer edge of the private company network and would inspect all traffic traveling between the internal private network and the external public network such as the internet. This network-based firewall would use access control lists in helping to allow or deny traffic based on rules that identify characteristics of the traffic. The network-based firewall would use these access control lists to inspect traffic based on direction such as inbound or outbound and based on packet information such as inspecting the source or destination IP address or port number used.
The access control list also defines what action to take when the firewall detects traffic based on the rules that have been set. “Malicious code (sometimes called mallard) is a type of software designed to take over or damage a computer, without the user’s knowledge or approval” (Tautest, 2013, section 6. 1. 2, Para. 1). EX. Inc. Has recently noticed an increase in the number of viruses and spare that have been detected on end user systems. Viruses are imputer programs that are aimed at damaging the computer system and are able to replicate from one system to another.
Viruses can end up spreading from one computer to thousands or millions of other computers through the program that contains the virus. Spare is software that becomes installed on a computer system without the users knowledge and is used to spy on the user in order to gain information such as web browsing habits and confidential information such as passwords or bank account information. In order to protect the end user systems from viruses and spare, there are some steps that need to be taken.
The first thing that needs to be done is to make sure that every network device has up to date anti- virus and anti-spare protection installed. These protections can be used to scan each individual computer or device to check for viruses or spare that may be installed on the system. In order to make sure that both of these protections are up to date, a regular schedule needs to be set up in order to guarantee that the scans are run. By running the scans, these protections check for updated definitions that tell the anti-virus and anti-spare of new types of threats to look for.
In order to help safeguard the company and its network against attacks, password policies need to be in place for all users in order to gain access to their computer system as well as when trying to access resources contained on the company network. Every employee should be set up with a user name and password that first will grant them access into the computer system itself. This will allow the user to gain access to the computer for any resources that are saved or loaded onto each individual computer.
These users should be made aware of what kinds of strong swords are acceptable to be used and should also be made aware that they are not allowed to share their password with anyone else, even if someone claiming to be from the IT department asks the user for their password. A strong password should not contain any of the following: rows of letters across the keyboard, be the same as the user name, the name of a family member or pet, their birthrate, or common words found in the dictionary. All these types of passwords can be cracked very easily, allowing an unauthorized user to gain access to the computer system and to the company network.
Spam is unwanted and unsolicited e-mail sent to many recipients” (Tautest, 2013, section 7. 3. 2, Para. 4). Spam e-mail can be used by the creators of the e-mail in many different ways: by trying to sell the recipient something contained in the e-mail, by containing mallard in the main portion of the e-mail that could infect the recipients computer, by containing mallard inside of an attachment sent with an e-mail, and to waste bandwidth on the recipients network that could lead to a denial of service attack if a large amount of spam e-mails are sent over the recipient(s) network.
The two main concerns that the Information Technology department is concerned with regarding the rise in spam e-mails being received are reducing the amount of time spent each day being spent by employees in cleaning out their e-mail inbox, as well as preventing mallard from being introduced onto company computer’s though spam e-mails.
One of the first things that the information technology department can do in order to help prevent against mallard becoming installed on an employee’s computer is to continually train employees on e-mail best practices. Employee’s should be advised o not open any e-mails that are are received from an e-mail address that they do not recognize. Employees should also be trained that should never download an attachment contained in an e-mail that is from an e-mail address that they do not recognize or do not trust.
Employees should also be trained on how to use and set up tilters that are part tot their e-mail accounts Filters can be set up in one tot tort ways: whitetails can be set up to allow email from verified and trusted senders, blacklists can be set up to block email from senders who are not trusted or verified, a filter can e set up to block email that originated from a particular country or countries, and filters can also be set up to block email’s pertaining to a certain language that they are written in.
By using the whitetails filter, employees can set up their e-mail account to only allow incoming e-mails from trusted senders thus allowing the employee to only receive what they believe is legitimate e-mail. Besides training users and making them aware of what to look for in order to prevent spam e-mails and pashing attacks, the information technology department should have anti-virus footwear running on all client computer’s as well as all e-mail servers. This anti-virus software can be used to scan all incoming e-mails onto the network for attachments that might contain any kind of mallard.
One of the baseline settings that should be applied to the entire e-mail system accompanied is the disabling of preview screens. Preview screens with e-mails act as popup windows that once opened could infect the computer or allow the attacker access to the network.