Preview

Nt2580 Week 1 Multi-Layered Security Research Paper

Better Essays
Open Document
Open Document
1234 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Nt2580 Week 1 Multi-Layered Security Research Paper
Multilayered Security Strategy: Richman Investments
Sharon Cadwell
ITT Technical Institute
NT2580 Introduction to Information Security
De’Von Carter
11/16/14

Multilayered Security Strategy: Richman Investments
This multi-layered security plan for Richman Investments will provide a short overview of the security tactics that will be applied at each level of the IT infrastructure.
This MLS Plan will describe how the IT department will improve the security of each domain and how to protect the company’s information. The IT department will update all firewalls on the infrastructure and make sure to secure all ports that are open. This will help stop incoming traffic that is malicious. Another protection utilized will be anti-virus software,
…show more content…

This domain is the fastest way for the system to be compromised. I would implement an AUP (acceptable use policy) that will be understood and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the …show more content…

The primary concern of the System/Application domain is loss of data. System/application attacks are generalized into three categories: denial or destruction, alteration, and disclosure. Data loss from errors, failures, and disasters are also a concern of this domain. This domain needs to be protected by securing the physical access to computer rooms and a disaster recovery plan (DRP) should be created including the backup of data. Plan, configure, maintain, and improve all network servers and implements all standards including the Acceptable Use Policy

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Upgrade- Establish endpoint security updates (Antivirus, Malware protection). Upgrade all desktop and laptop Operating Systems. Once all systems are running on the same system, it will be easier to set up security protocols across the board. Make sure Patch updates are being made regularly, set up a specified time frame to check for and install new patches and updates.…

    • 409 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    When creating a multi-layered security plan, I would look at all seven domains of the IT infrastructure and then increase the security on each of those domains because that will increase the security for the whole plan. In the user domain, this is the quickest way for the system to be compromised the users. So I would implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will also need to be changed every 90 days and the same password cannot be used again for three calendar years. In the workstation domain, I would make sure that each workstations, whether desktop or laptop has some security on it like antivirus and malware protection installed. Laptops can be very vulnerable for loss or theft, which would make me install an encrypted hard drive so if it is stolen the data can only be retrieved by the owner. For the LAN domain, just train all users about email scams. I would guess that most users know not to access suspicious emails when on our system but I would still implement to the users a quick training course. Then I we should add spam filters this will help get rid of most of the junk email. In the LAN-to-WAN domain, we need to shut down the File Transfer Protocol (FTP) server we have running and switch it over to use secure FTP so that only users allowed on our system can access our FTP server. In the WAN domain, we need to make sure that we have firewalls set up on our network that will filter all incoming traffic. This firewall will stop all traffic coming on to our system that is not meant or not wanted our network. In the Remote Access Domain, we need to establish strict user password policies, as well as lockout policies to defend against brute force attacks, require the use of authorization tokens have a real-time lockout procedure if token is lost, or stolen. The last domain is System/Application domain we need to…

    • 449 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Looking at the network diagram provided I determined that the user, workstation, LAN, LAN-to-WAN, and system/application domains involved in the company should be redesigned to implement better access controls to provide multi-layered security. The most important access control implementation would be the user domain where the company should put emphasis on training; how to recognize social engineering attacks, how to create strong passwords, and how often they should be changed. The workstation domain should focus security via virus and malware scanning, operating system patching, and other types of application-level firewalls. To achieve a multi-layered security approach in the LAN domain I would recommend using an intrusion detection system (IDS) and an intrusion prevention system (IPS) to prevent unauthorized access. Security for the LAN-to-WAN domain should be implemented through the use of a firewall or DMZ to also prevent unauthorized access into the company’s network.…

    • 439 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    IT255 Project 1

    • 663 Words
    • 2 Pages

    The following outline presents the fundamental solutions for the safety of data and information that belongs to Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization.…

    • 663 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    The purpose of this policy is to define standards for connecting to Richman Investments network from any host. These standards have been designed to minimize the potential exposure to Richman Investments from damages which may result from unauthorized use of Richman Investments resources. Damages include intellectual property, the loss of sensitive or company confidential data, damage to critical Richman Investments internal systems, damage to public image, etc.…

    • 438 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    The User Domain is made up of the employees that have access to the organizations equipment and network and is the weakest link in any IT infrastructure, including the one here at Richman Investments. The amount of social networking and the errors that are made by employees may end be detrimental to the network and cause data to be lost, tampered with, or stolen. The best way to avoid this would be to implement an Acceptable Use Policy (AUP). This will inform the employees what they can and cannot do with company information, resources, and equipment. Anyone that abuses the AUP will be held accountable for their actions. Employees must have their individual permissions for what they can and cannot do in order to make them accountable. It is the responsibility of the HR to check the background of each employee thoroughly and follow with regular evaluations. It is also important that security control audits are performed to secure the system against risks and threats.…

    • 789 Words
    • 4 Pages
    Satisfactory Essays
  • Satisfactory Essays

    In this Multi-Layered Security Plan, I will provide information on how to better improve the security of each domain and protect the data of Richman Investments. We shall secure all ports for incoming and outgoing traffic, only allowing the information that is needed through certain ports and to conduct business fast and efficiently. We will also be using the latest and most updated firewall protection and anti-virus software to add a better degree of security. This will be implemented throughout the entire company and we will inform all employees of this MLS plan.…

    • 492 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    I can understand your concern with your network security and better securing your information without losing productivity. You can set up your users to have their passwords be changed at a certain time and I would recommend a short amount of time in-between. And also you can have the passwords be in a certain context or to be made a certain way and make sheer that the security levels are high on them so that a hacker has a harder time to get in to the network. I recommend you use the following format; using capital and lower case letters the first letter of their name, their whole last name and their employee number, ex. “JVentura10415867@Domain*%$.Local” if someone tried to hack the account and all that they knew was the person name and the domain name they could not get in because it is very unlikely that they would know that person employee number and if they do then you have a spy in your company. Can also buy better security items to better your network things like smart card, finger print scanners, retinal scanners, and others. But I only recommend these for really sensitive information and only for certain users in your company. I hope that this has helped you in any way and I wish the best of luck to you.…

    • 327 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. The seven domains are user domain, workstation domain, LAN domain, LAN to WAN domain, WAN domain, and remote access domain. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan.…

    • 386 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Employees will be also using the workstation domain is where they will connect to the company’s network. Tight security and access controls will be enforced on company equipment and users must have proper access rights…

    • 539 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    Unit 4 Assignment 2

    • 717 Words
    • 3 Pages

    The purpose of this policy is to define standards for connecting to Richman investment’s network from any host. These standards are designed to minimize the potential exposure to Richman investments from damages which may result from unauthorized use of Richman investments resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical Richman investments internal systems, etc.…

    • 717 Words
    • 3 Pages
    Powerful Essays
  • Satisfactory Essays

    nt1330 unit 7 assinment1

    • 350 Words
    • 2 Pages

    I can understand how you concerned with your company’s security after all information on competitors can be invaluable or very harmful to a company and this is why it must be protected from prying eyes. This does not have to mean that you have to lose production over trying to secure your networks information. An easy measure like user names and passwords can be used to protect less sensitive information but how strong you make those usernames and passwords can have a significant effect on how well your information is protected. I will give you some tips on how to better secure your network with the tools that you already have at hand, keep in mind that you can also buy better security items to better protect you network things like; smart card, finger print scanners, retinal scanners, etc. but I only recommend these for really sensitive information and only for certain users in your company. On the server that is the DC log in to the administrator account and in the Active Directory Users and Computers in the Domain icon in the left pane click on the users icon, you’ll be able to see all of the users in that domain. From here you can click on any user and make changes as necessary, for user names I recommend you use the following format; using capital and lower case letters the first letter of their name, their whole last name and their employee number, ex. “CCbattle1234@Domain*%#.Local” if someone hack the account and all that they knew the person name and the domain name they could not get in because it is very unlikely that they would know that person employee number and if they do then you have a spy in your company. As for passwords I recommend that they be alpha numeric and what this means is that they should be at least eight characters long, be composed of upper and lower case letters, should contain at least one number and one special character.…

    • 350 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    ISA 650 Final Exam Paper

    • 4435 Words
    • 18 Pages

    73. Requires the creation of computer security plans, and the appropriate training of system users or…

    • 4435 Words
    • 18 Pages
    Satisfactory Essays
  • Good Essays

    NT2580 Unit 1

    • 578 Words
    • 3 Pages

    A second domain that is affected is the Workstation Domain. The Workstation Domain is where most users connect to the IT infrastructure. A workstation can be a desktop computer, laptop or any device that connects to the network. A role of the workstation domain is that the organization’s staff should have the access necessary to be productive. Some tasks included are configuring hardware, hardening systems, and verifying antivirus files. Threats that are included in the Workstation Domain include Unauthorized access to the workstation, Desktop/laptop computer operating system software vulnerabilities, viruses, and downloading content like photos/music via the Internet. To protect from unauthorized access, enable…

    • 578 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    lab 4

    • 451 Words
    • 2 Pages

    Create a simple Internet OR e-mail use policy for Richman Investments that defines the acceptable and unacceptable use of Internet and e-mail access at Richman. Go to the SANS website at http://www.sans.org/security-resources/policies/ to view sample policies.…

    • 451 Words
    • 2 Pages
    Satisfactory Essays