Sharon Cadwell
ITT Technical Institute
NT2580 Introduction to Information Security
De’Von Carter
11/16/14
Multilayered Security Strategy: Richman Investments
This multi-layered security plan for Richman Investments will provide a short overview of the security tactics that will be applied at each level of the IT infrastructure.
This MLS Plan will describe how the IT department will improve the security of each domain and how to protect the company’s information. The IT department will update all firewalls on the infrastructure and make sure to secure all ports that are open. This will help stop incoming traffic that is malicious. Another protection utilized will be anti-virus software, which will be systematically updated throughout the company. All IT employees will be knowledgeable of the MLS Plan that will be put into effect once senior management approves it for implementation.
User Domain defines the people who access an organization’s information system.
This domain is the fastest way for the system to be compromised. I would implement an AUP (acceptable use policy) that will be understood and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight-character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work-related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the AUP.
Passwords will also need to be changed every 90 days and the same password cannot be used again for three calendar years.
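The password rules in the AUP paragraphs above, expressed as a check; this is an added example, not part of the original paper. It assumes that "eight character" is a minimum length, that three calendar years can be approximated as 3 × 365 days counted from when a password was retired, and that old passwords are kept only as salted PBKDF2 hashes; all function names are hypothetical.

```python
import hashlib, hmac, os
from datetime import date, timedelta

MIN_LENGTH = 8                           # "eight character", read as a minimum (assumption)
MIN_PER_CLASS = 2                        # two each: uppercase, lowercase, number, special
MAX_AGE = timedelta(days=90)             # passwords change every 90 days
REUSE_WINDOW = timedelta(days=3 * 365)   # three calendar years, approximated (assumption)

def _digest(password, salt):
    # Old passwords are stored only as salted, slow hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def history_entry(password, retired_on):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _digest(password, salt), "retired_on": retired_on}

def composition_errors(password):
    counts = {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "number": sum(c.isdigit() for c in password),
        "special": sum(not c.isalnum() and not c.isspace() for c in password),
    }
    errors = [f"needs {MIN_PER_CLASS} {kind} characters"
              for kind, n in counts.items() if n < MIN_PER_CLASS]
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    return errors

def reused(password, history, today):
    for entry in history:
        if today - entry["retired_on"] > REUSE_WINDOW:
            continue  # retired long enough ago to be allowed again
        candidate = _digest(password, entry["salt"])
        if hmac.compare_digest(candidate, entry["hash"]):
            return True
    return False

def check_new_password(password, history, today):
    errors = composition_errors(password)
    if reused(password, history, today):
        errors.append("used within the last three years")
    return errors

def must_change(last_set, today):
    return today - last_set >= MAX_AGE
```
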
Workstation Domain is where most users connect to the IT infrastructure. It can be a desktop computer, or any device that connects to a network. In the workstation domain I will install antivirus and anti-malware programs on each workstation computer with strict access privileges in reference to corporate data.
I will also deactivate all media ports (i.e., USB and CD/DVD drives).
Local Area Network (LAN) Domain is a collection of computers connected to one another or to a common connection medium. Network connection mediums can include wires, fiber optic cables, or radio waves. For the LAN domain I will utilize network switches and WPA2 (Wi-Fi Protected Access II) on wireless access points to provide security and encryption for data transmissions and general computer connectivity, limiting, as much as is possible, who can attach to the network. I would also secure all server rooms from unauthorized access. Then I will add spam filters to help get rid of most of the junk email.
LAN-to-WAN Domain is where the IT infrastructure links to a wide area network and the Internet. In the LAN-to-WAN domain I will isolate all unused ports by using a firewall to reduce the risk of unwelcome network access. All inbound IP traffic will be monitored, particularly looking for inbound transmissions that show signs of malicious intent. All networking hardware will have up-to-date security patches and operating systems. The routers will be configured, and network firewalls will be installed, to hinder ping requests and reduce the risk of denial-of-service attacks.
Wide Area Network (WAN) Domain connects remote locations. WAN services can include dedicated Internet access and managed services for customers’ routers and firewalls. Networks, routers, and equipment require continuous monitoring and management to keep WAN service available. In the WAN domain I will put encryption into effect, as well as virtual private network (VPN) tunneling for remote connections. A separate, secured tunnel extends between each individual VPN router and the hub, which is a simple way to allow all employees to access the main network. Employees connecting through VPN will be issued a smart card and PIN in order to access the network. This will ensure a secure connection between the employee and the network. All remote users must follow the security requirements set forth in the company’s standard for remote hosts accessing IT resources prior to such access, as well as any guidelines, procedures or other requirements issued by the IT Department. Employees will also be encouraged not to use public Wi-Fi spots. They will be issued company laptops or tablets and will have to access the internet through Verizon 3G or 4G access. They will also have to make sure that the antivirus, firmware, and firewall are all updated and working properly before connecting. The employee will receive initial and annual training on the subject and will sign an AUP before being granted access. Anti-virus scanning will be enforced for all email attachments, and all malicious software (viruses, Trojans, etc.) will be quarantined when found. Redundant internet connections will also be put in place to maintain accessibility.
The Remote Access Domain connects remote users to the organization’s IT infrastructure. The scope of this domain is limited to remote access via the Internet and IP communications. The logical configuration of this domain requires IP network engineering and VPN solutions. In the Remote Access Domain strict user password policies will be created, as well as lockout policies to guard against brute force attacks. Authorization tokens will be required, with a real-time lockout procedure followed if a token is lost or stolen. Lastly, I will encrypt the hard drives of company-owned computers, company-supplied laptops and company-supplied mobile devices to prevent the loss of sensitive data.
The last domain is the System/application domain which consists of all of a business’s mission-critical systems, applications, and data.
The primary concern of the System/Application domain is loss of data. System/application attacks are generalized into three categories: denial or destruction, alteration, and disclosure. Data loss from errors, failures, and disasters is also a concern of this domain. This domain needs to be protected by securing physical access to computer rooms, and a disaster recovery plan (DRP) should be created, including the backup of data. The IT department will plan, configure, maintain, and improve all network servers and implement all standards, including the Acceptable Use Policy (AUP).
The IT department will observe how the users carry out their daily activities on the company’s internet and/or network and will take notes on anything seen to be a potential threat to the company. IT administrators will monitor how much bandwidth is being used and what it is being used for. Any employee found in violation of any policy or procedure will have their accounts locked out immediately, and the employee will be questioned about their improper use. Additional training for that user will also be required. Also, if necessary, IT administrators can use the logs to determine how they can further increase security on the network.