TO: Network Administration Group
FROM: Tonia Appleton, Manager of Network Services
DATE: July 23, 2003
SUBJECT: Network Security
Great Widget Company values the security and integrity of its data. In keeping with that policy, the following information is provided to clarify the security level associated with each layer of the OSI (Open System Interconnect) model. Please familiarize yourself with this information; we will discuss it at the next regular staff meeting, scheduled for Monday, August 1, 2003.
Physical Layer: Security protection at this level includes physical media, access to input devices, and power supply restoration. The server room will be locked at all times, with only authorized team members having access. Entry to the server room will require both the scan of an authorized badge and the entry of the corresponding PIN. Anyone accessing the server room who is not an employee must be accompanied at all times by an authorized team member. All network hardware will be protected from loss of power by an uninterruptible power supply (UPS).
Data Link Layer: Assurance and availability are the security goals for this OSI layer. One vulnerable area in this layer is alteration of the Address Resolution Protocol (ARP) cache, causing MAC addresses to be matched to incorrect IP addresses. MAC address filtering will be used to identify stations by address and cross-reference the physical port or logical access.
Network Layer: The network layer is responsible for routing data, and the security vulnerabilities include routers, switches and bridges. All routers will utilize IPsec technology to ensure confidentiality of data transmitted. The preferred mode of IPsec encryption is tunnel mode, which encrypts both the data payload and the header information.
Transport Layer: The transport layer, which assists the network layer in ensuring that data arrives at the proper destination, is vulnerable to security breaches. TCP and UDP can be used to obtain network information used for unauthorized access. Firewalls will have strict rules limiting access to specific transmission or protocol information. Firewalls must be capable of stateful inspection to prevent false packet profiles from entering the perimeter. In addition, virus-scanning software will be deployed for additional protection.
Session Layer: All password exchange and storage will be encrypted. Three attempts to access with an invalid password will require a thirty-minute time-out before access is authorized. Two such time-outs in a 24-hour period will require permanent lockout of the user account until reinstatement is approved by the appropriate business unit contact.
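One way to express the lockout rule above as code, as an added example that is not part of the original memo. The class and method names are hypothetical, and it assumes that the three invalid attempts are consecutive, that a successful login clears the count, and that the 24-hour period is a sliding window measured from the start of each time-out.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3                 # invalid attempts before a time-out
TIMEOUT_SECONDS = 30 * 60        # thirty-minute time-out
TIMEOUT_LIMIT = 2                # time-outs that trigger a permanent lockout
WINDOW_SECONDS = 24 * 60 * 60    # 24-hour period


@dataclass
class AccountLockout:
    """Lockout state for one account (hypothetical helper, times in seconds)."""
    failures: int = 0
    timeouts: list = field(default_factory=list)   # start time of each time-out
    locked: bool = False                           # permanent until reinstated

    def status(self, now):
        if self.locked:
            return "locked"
        if self.timeouts and now < self.timeouts[-1] + TIMEOUT_SECONDS:
            return "timeout"
        return "open"

    def attempt(self, password_ok, now):
        """Record one login attempt and return the decision for it."""
        state = self.status(now)
        if state != "open":
            return state              # refused without checking the password
        if password_ok:
            self.failures = 0         # assumption: success clears the count
            return "granted"
        self.failures += 1
        if self.failures < MAX_FAILURES:
            return "denied"
        self.failures = 0
        # Keep only time-outs inside the sliding 24-hour window, then add this one.
        self.timeouts = [t for t in self.timeouts if now - t < WINDOW_SECONDS]
        self.timeouts.append(now)
        if len(self.timeouts) >= TIMEOUT_LIMIT:
            self.locked = True
            return "locked"
        return "timeout"

    def reinstate(self):
        """Call only after the business unit contact approves reinstatement."""
        self.failures, self.timeouts, self.locked = 0, [], False
```

Attempts made during a time-out are refused before the password is checked, so the time-out cannot be used to keep testing guesses.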
Presentation Layer: Secure Sockets Layer (SSL) protocol will be used to ensure private and secure transmissions. This is accomplished by an SSL handshake that authenticates the server and client and establishes an encryption method and a unique session key.
Application Layer: The application layer, which is where the user interfaces with the system, has its own set of security vulnerabilities. Viruses, Trojan horses and worms are among those introduced by users through such applications as email. In addition to virus scans at this level, intensive user education will be conducted to ensure network security.
Any new processes or hardware deemed to be non-compliant with this policy will require justification and the approval of the Director of IT to implement. Any current network processes or hardware that violate this policy must be either changed or approved by September 1, 2003.