Multi-Layered Security Plan Paper
In this Multi-Layered Security Plan, I will provide information on how to better improve the security of each domain and protect the data of Richman Investments. We shall secure all ports for incoming and outgoing traffic, only allowing the information that is needed through certain ports and to conduct business fast and efficiently. We will also be using the latest and most updated firewall protection and anti-virus software to add a better degree of security. This will be implemented throughout the entire company and we will inform all employees of this MLS plan.
1. User Domain
a. Security awareness.
We will educate employees on how to properly secure information by user ID and password management training. Instructing them on how to …show more content…
create better and more secure passwords with use of numbers and special characters and teach them better habits for password remembrance by repetition and to avoid righting or storing the password directly at their workstations. We will also be implementing a “three strikes” password system to only allow three failed entry attempts before they are completely locked out of the system.
b. Auditing of user activities
Log all access throughout the entire network to watch for any external or internal threats. Bandwidth will also be monitored to and any large file transfers will require authorization by superiors.
2. Workstation Domain
Restrict access privileges to any sensitive data and set up limited user access on each workstation.
Each station will be stripped of all external ports and media drives to allow zero access with external devices. Set a monitoring system to disable the workstation if it is disconnected from the network.
3. LAN Domain
All workstations will be hard wired directly to the network. Any laptop will be connect via a cloaked wifi network. This means it will display no SSID and only allow certain MAC address access to it. WPA 2 encryption will be used with a password system similar to what is covered in the security awareness section. All server rooms will have keycard access to allow only IT access to them.
4. LAN to WAN Domain
Block all ports that are not in use by our network and monitor all inbound and outbound traffic, keeping a close eye on the inbound to detect threats before they become a threat. Place firewalls and anti-malware software at this point and route all workstation traffic through main servers to better protect the network as a whole.
5. WAN Domain
Configure routers and firewalls to deny all ping requests to reduce chances of DOS attacks and setup redundant internet connections to increase availability. Scanning of all email for malicious software and isolate anything that is
found.
6. Remote Access Domain
Enforce encryption on VPN and encrypt hard drives on all workstations and laptops.
Implement strict user policies for passwords and create lockout policies to prevent brute force attacks. Require authorized tokens over VPN and create a lockout procedure for lost or stolen tokens.
1. User Domain
a. Security awareness.
We will educate employees on how to properly secure information by user ID and password management training. Instructing them on how to …show more content…
create better and more secure passwords with use of numbers and special characters and teach them better habits for password remembrance by repetition and to avoid righting or storing the password directly at their workstations. We will also be implementing a “three strikes” password system to only allow three failed entry attempts before they are completely locked out of the system.
b. Auditing of user activities
Log all access throughout the entire network to watch for any external or internal threats. Bandwidth will also be monitored to and any large file transfers will require authorization by superiors.
2. Workstation Domain
Restrict access privileges to any sensitive data and set up limited user access on each workstation.
Each station will be stripped of all external ports and media drives to allow zero access with external devices. Set a monitoring system to disable the workstation if it is disconnected from the network.
3. LAN Domain
All workstations will be hard wired directly to the network. Any laptop will be connect via a cloaked wifi network. This means it will display no SSID and only allow certain MAC address access to it. WPA 2 encryption will be used with a password system similar to what is covered in the security awareness section. All server rooms will have keycard access to allow only IT access to them.
4. LAN to WAN Domain
Block all ports that are not in use by our network and monitor all inbound and outbound traffic, keeping a close eye on the inbound to detect threats before they become a threat. Place firewalls and anti-malware software at this point and route all workstation traffic through main servers to better protect the network as a whole.
5. WAN Domain
Configure routers and firewalls to deny all ping requests to reduce chances of DOS attacks and setup redundant internet connections to increase availability. Scanning of all email for malicious software and isolate anything that is
found.
6. Remote Access Domain
Enforce encryption on VPN and encrypt hard drives on all workstations and laptops.
Implement strict user policies for passwords and create lockout policies to prevent brute force attacks. Require authorized tokens over VPN and create a lockout procedure for lost or stolen tokens.