Project 1: Multi-Layered Security Plan
Classification Description: (MLS) Multi-Layered Security
Introduction
Protecting sensitive or confidential data is paramount in many businesses. In the event such information is made public, businesses may face legal or financial ramifications. At the very least, they will suffer a loss of customer trust. In most cases, however, they can recover from these financial and other losses with appropriate investment or compensation
Having information of different security levels on the same computer systems poses a real threat. It is not a straight-forward matter to isolate different information security levels, even though different users log in using different accounts, with different permissions and different access controls (Red Hat, Inc. 2006).
Below I have listed the IT infrastructure of Richman Investments along with recommendations in each infrastructure on levels of security that should be implemented for a more secure network.
IT Infrastructure Affected
1. User Domain: The people who access an organization’s information system.
* The first thing that should be implemented is a mandatory Computer Security training session to educate the users on the proper use of work computers.
2. Workstation Domain: Users (most) connecting to the IT infrastructure.
* The workstation domain comes with its own problems such as unauthorized access to the system, the way to fix this problem would be to implement access policies and guidelines.
3. LAN Domain: A collection of computers connected to one another or to a common connection medium.
* Implement second or third level identity check to gain access to sensitive systems, applications, and date. Keep all hardware in a secure location with access only with proper ID.
4. LAN-to-WAN Domain: Link between the Wide Area Network (WAN) and the Internet.
* Conduct post configuration penetration tests of the layered security solution within the LAN-to-WAN Domain. Test
Introduction
Protecting sensitive or confidential data is paramount in many businesses. In the event such information is made public, businesses may face legal or financial ramifications. At the very least, they will suffer a loss of customer trust. In most cases, however, they can recover from these financial and other losses with appropriate investment or compensation
Having information of different security levels on the same computer systems poses a real threat. It is not a straight-forward matter to isolate different information security levels, even though different users log in using different accounts, with different permissions and different access controls (Red Hat, Inc. 2006).
Below I have listed the IT infrastructure of Richman Investments along with recommendations in each infrastructure on levels of security that should be implemented for a more secure network.
IT Infrastructure Affected
1. User Domain: The people who access an organization’s information system.
* The first thing that should be implemented is a mandatory Computer Security training session to educate the users on the proper use of work computers.
2. Workstation Domain: Users (most) connecting to the IT infrastructure.
* The workstation domain comes with its own problems such as unauthorized access to the system, the way to fix this problem would be to implement access policies and guidelines.
3. LAN Domain: A collection of computers connected to one another or to a common connection medium.
* Implement second or third level identity check to gain access to sensitive systems, applications, and date. Keep all hardware in a secure location with access only with proper ID.
4. LAN-to-WAN Domain: Link between the Wide Area Network (WAN) and the Internet.
* Conduct post configuration penetration tests of the layered security solution within the LAN-to-WAN Domain. Test
References: 1. Red Hat, Inc. (2006). Red Hat Enterprise Linux Deployment Guide: Multi-Layered Security. Retrieved from http://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-mls-ov.html <July 8, 2013> 2. Kim D. & Solomon G. M., (2012). Fundamentals of Information Systems Security: The Seven Domains of a Typical IT Infrastructure (1st ed.), 15-33. Burlington, MA.