Top-Rated Free Essay
Preview

Week 8 Paper

Powerful Essays
2205 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Week 8 Paper
Windows Security Model:
NextGard Technologies
American Military University

Introduction
The purpose of this paper is to outline policies, standards, and procedures to improved NextGard’s Technologies organizational network. By implementing a successful security strategy we will give recommendations and guidance in areas of Access Control, Cryptography Methods, Malicious Virus Countermeasure, Monitoring and Analysis, Proxy Server and Internet Access Control to NextGard Technologies. All implementation outlined in this model should be used across all NextGard’s Technologies location, networks, and devices to better secure of information and protection against attacks. We will also provide NextGard with an awareness programs ensuring Nextgard’s 250,000 employees are up to date on cyber awareness. This model will improve over organization security, and protection of information NextGard provides to its customers.

Access Control Limiting access control to NextGard’’s operating systems should be top priority. Attackers need a means to connect to a network to gain access to information, if their means to access the network it block then NextGard’s information and data is greater secured. Implementing a Access Control List is a set of specifies entries given to a trustee that tells an operating system which access rights each user has to a particular network system object such as a directory. The access control list is a secure measure used to limit the user’s ability to read, write, and make changes to files, and documents.
The approach recommended to use is for Access Control is AGULP:
Accounts- Create separate user accounts for each user adds an extra step of security.
Global Groups- Adding each user to a global group account according to their share attributes, the attributes can be geographical or functional.
Universal Groups- Adding Global groups to Universal groups or groups that are defined for users in any domain in Active Directory.
Local Groups- Adding Universal groups to Local groups on computers that contain resources NextGard wants to secure.
Permission- Defining permissions to local groups used for secured recourses or objects.
This policy is much easier to maintain, while reducing the number of Access Control Lists required for each subject or object. (Solomon & Microsoft Corporation, 2011, p. 65) There are two essential parts to Access Control, which are Access Tokens and Security Descriptors. Windows prompts the user to enter identification and authentication credentials, which can either be username and password or smart card. (Solomon & Microsoft Corporation, 2011, p. 44) These credentials are associated with an access token that provides users logs on, groups, and privileges to secure objects and control the ability of the user to perform various system related operation. ("Access Control (Windows)," n.d.) The second part of the Access Control is Security Descriptor which associates data that contains the security information for a securable object. ("Access Control (Windows)," n.d.) Every file, folder, or document must have a Security Descriptor that identity the owners and primary groups.
Cryptography Methods Securing data and files on ones computer is more important than ever, Windows offers a few different types of encryption methods for users to secure data on their computer. NextGard’s Cryptography methods implementation will better secure information from thief, loss and hacking. By scrambling the content, it becomes unreadable, the admin who encrypted the data must use a password to unscramble the data to be able to read the data, so without the password anyone who attempts to read the data will only see scramble content. Windows offers a very user friendly feature that does not required any other add-on’s to be able to easily encrypt data. Encrypting File System (EFS) allows users to encrypt files or entire folders by selecting a check box on the objects properties page. The object owner inputs a password called symmetric key that provides fast encryption and decryption of data. (Solomon & Microsoft Corporation, 2011, p. 73) Encryption File System work well for files and folders, but if hard drives need to be secure, Bitlocker could be used to help protect all files stored on the operating systems drive. BitLocker encrypts the entire drive unlike Encrypting Files System (EFS) which enables to encrypt individual files. BitLocker has two setting on and off, allowing files to be automatically encrypted when added to operating systems drive. BitLocker operation modes rely on the computers Trusted Platform Module (TPM) microchip to manage and protect, when the computer is starts BitLocker asks TPM for the key to the drive and unlocks it. NextGard offices have satellite employees that have a combination of desktops, mobile computers and wireless devices, so we recommend Bitlocker To Go, an extension of BitLocker, it allows users the same protection for content on removable storage drives that have been protected with BitLocker. One problem user’s face is transporting sensitive data from one computer to another. Like BitLocker a password is required to open the removable storage drive once opened, without this password the storage device will not open any data stored within it.
Malicious Virus Implementation The best form of protect against malware is antivirus software, and anti-spyware. Software like this is designed to detect and remove malware before entering one 's computer system and causes irreplaceable damage. Antivirus software role is to help detect, mitigate and remove forms of malware, most commonly viruses, worms, and Trojan horses. The method of identifying malware is comparing known malware code call signature that identifies any copies of malware on a system. Anti-spyware primary target is spyware, it helps detect and mitigate malware. Though many antivirus software products include components of anti-spyware there are many cases that anti-spyware soft in conjunction antivirus can identify many more possible risk to your computer then just an antivirus. It is also just as important to regularly update the software, as the scan uses signatures or codes from malware to spot potential new threats. It is reported that around 70,000 new viruses, Trojans and other malware are introduced every day. Once a malware is detected on a system, it can be challenging to remove, so additional steps may be needed. Disconnecting the infected computer from the network, download one alternate anti-malware software using another computer, install additional products on the infected computer, using tools to scan, and follow instruction to remove and detected malware. To best protect a computer, it is suggested to regularly scan your computer, update anti-malware and use more than just antivirus software, restrict software installation and limit web browser function. The protection of our computer is crucial, we store more personal information then very on our personal computer, things such as passwords, banking, and medical information all at the finger tips or potential threats.
Monitoring and Analysis Implementation Routine monitoring and analysis on all systems will allow NextGard server hardware components to perform at their best. Performance monitoring and analysis tools give insight on areas that potential need improvement. Planning a solid monitoring and analysis strategy that collects enough information, collecting much information will slow down computers and wastes disk space. First we recommend creating an initial baseline starting point for each computer that will represent a secure point. After the initial baseline is set, we will have a clear picture of a secure system to be able to use for profiling. Profiling is comparing computer configuration to the known baselines. (Solomon & Microsoft Corporation, 2011, p. 136) For this analysis it is recommended using Security Configuration and Analysis (SCA) which Microsoft provides in Windows. This tool will allow you to analysis computers and compare it to baseline setting. The SCA stores baseline settings in a security template that give quick easy access to compare analysis too. Creating NextGard’s own organizing security policy will be secure its systems while using temples is good means to a baseline, it could be difficult as the number of configuration roles and options grow. Using Microsoft Management Console (MMC) will allow NextGard to create and manage their personal security temples, also will allow for editing of Group Policy Object (GPO) setting. We will also suggest using Microsoft Baseline Security Analyzer (MBSA) which provides a utility to evaluate computers in accordance with Microsoft security recommendations. MBSA checks to ensure the operating system and current Microsoft software are up to date. It not only identifies problems, but also ranks them by severity and provides recommendations to fix each one. (Solomon & Microsoft Corporation, 2011, p. 142)
Proxy Server With so many employs who have access to a wide range of device, all of which are able to connect to the internet that NextGard provides will presents a possibility of attack. Securing the two main proxy servers and internet access is a critical part of NexGard Technologies implementation. One of the most common attacks comes in the form of man-in-the-middle, someone who tries to gain access to servers by using remote access. Securing the traffic flow by added Firewall setting will filter unauthorized traffic on a network. Filters should exist at all network boundaries and between segments to control network ingress and egress. (Solomon & Microsoft Corporation, 2011, p. 194) Firewall rules should be appropriately set to block suspicious traffic, the security of the server depends on how well the Firewall rules are set, we recommend a standalone Firewall to prevent attack before it reaches the server. Place all Internet-facing servers in the Demilitarized zone (DMZ) a convenient place for Web servers, File Transfer Protocol (FTP) servers, or any servers you want unauthorized users to access without being able to get into your trusted network. Network address translation (NAT) hides the true IP address of internal computers from outside nodes

The attackers are contently trying to find way to breech networks to gain information; they are regularly updating their tactics. To stay up to date with them, NextGard will need to routinely install the latest security patches to be able to be one step ahead of the enemy. Security patch are a critical component of hardening an operating system. Administrators only need to configure automatic downloads, and install updates from Microsoft regularly. NextGard will need to require a strong authentication by implementing security identity management. Using strong passwords, with a minimum charter number, and password expire policies in which a administrator can easy apply in Group Policy Objects for each user.
Security of NextGard
Hardening of an operating system requires many layers of protection, each with its own defense. Antivirus software is one of the first lines of defense, scheduling automatic scans and updates are vital to antivirus. Regular updates are a crucial part of security, not only for antivirus which is imperative to scan for new virus, but also Windows security patches which is designed to update computer programs that include fixing security vulnerabilities and other bugs. Computer workstations are vulnerable just about everywhere, the use of strong passwords for all user accounts is key from protecting against unauthorized users. Ensuring your PC is uncrackable by applying password protection, using upper and low case letters, numbers, and symbols. Windows offers its own protection to your local computer with Windows Firewall to prevent hackers and malicious software from entering you system. Firewall is software that conducts checks on information coming from the internet and ether blocks or are allows it to pass through your PC depending on the firewall setting, as stated by Windows a firewall isn’t the same thing as an antivirus program and to protect your computer you need both firewall, antivirus and anti-malware which would be consider defense in depth. Lastly when not using your computer ensuring it is lock when your leave or step away will prevent unauthorized users from gaining access to your files and system, these are just a few hardening steps to follow, that are free and easy to use.
Conclusion
We have provided NextGard with proven general security model that will work well with NextGard’s Technologies company size. The security model is a defense in depth with many layers for this security model to be effective. This is a recommended model, and can be modified to include NextGard’s particular issues and details which may not be outline here.

References
Access Control (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa374860%28v=vs.85%29.aspx
AGDLP reduces account management, permissions management headaches. (n.d.). Retrieved from http://searchwindowsserver.techtarget.com/tip/AGDLP-reduces-account- management-permissions-management-headaches
The basics of using a proxy server for privacy and security - TechRepublic. (n.d.). Retrieved from http://www.techrepublic.com/blog/it-security/the-basics-of-using-a-proxy-server- for-privacy-and-security/
Cryptography (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa380255%28v=vs.85%29.aspx
How to Remove Malware From Your Windows PC | PCWorld. (n.d.). Retrieved from http://www.pcworld.com/article/243818/how_to_remove_malware_from_your_windows _pc.html
Microsoft Security Essentials - Microsoft Windows. (n.d.). Retrieved from http://windows.microsoft.com/en-us/windows/security-essentials-download
Monitor Windows Server with Performance Counters | Systems Management content from Windows IT Pro. (n.d.). Retrieved from http://windowsitpro.com/systems- management/monitor-windows-server-performance-counters
Solomon, M., & Microsoft Corporation. (2011). Security strategies in Windows platforms and applications. Sudbury, MA: Jones & Bartlett Learning.
Step 1: Plan the Web Application Proxy Infrastructure. (n.d.). Retrieved from https://technet.microsoft.com/en-us/library/dn383648.aspx
A Survey of Network Traffic Monitoring and Analysis Tools. (n.d.). Retrieved from http://www.cs.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors3/index.html

References: Access Control (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa374860%28v=vs.85%29.aspx AGDLP reduces account management, permissions management headaches. (n.d.). Retrieved from http://searchwindowsserver.techtarget.com/tip/AGDLP-reduces-account- management-permissions-management-headaches The basics of using a proxy server for privacy and security - TechRepublic. (n.d.). Retrieved from http://www.techrepublic.com/blog/it-security/the-basics-of-using-a-proxy-server- for-privacy-and-security/ Cryptography (Windows). (n.d.). Retrieved from https://msdn.microsoft.com/en- us/library/windows/desktop/aa380255%28v=vs.85%29.aspx How to Remove Malware From Your Windows PC | PCWorld. (n.d.). Retrieved from http://www.pcworld.com/article/243818/how_to_remove_malware_from_your_windows _pc.html Microsoft Security Essentials - Microsoft Windows. (n.d.). Retrieved from http://windows.microsoft.com/en-us/windows/security-essentials-download Monitor Windows Server with Performance Counters | Systems Management content from Windows IT Pro. (n.d.). Retrieved from http://windowsitpro.com/systems- management/monitor-windows-server-performance-counters Solomon, M., & Microsoft Corporation. (2011). Security strategies in Windows platforms and applications. Sudbury, MA: Jones & Bartlett Learning. Step 1: Plan the Web Application Proxy Infrastructure. (n.d.). Retrieved from https://technet.microsoft.com/en-us/library/dn383648.aspx A Survey of Network Traffic Monitoring and Analysis Tools. (n.d.). Retrieved from http://www.cs.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors3/index.html

You May Also Find These Documents Helpful

  • Good Essays

    This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…

    • 801 Words
    • 4 Pages
    Good Essays
  • Good Essays

    Implementing remote access will allow employees to telecommute which can bring down overhead costs and allow users the flexibility of accessing data outside of the office. In order to protect the data as well as users, audits and access control lists are to be implemented. Access Control allows the identity of the user to determine whether or not they are able to access certain file systems. In order for access control to work properly every user attempting to access the data will need to be entered into the system. Placing passwords on individual files will also provide an added layer of protection.…

    • 689 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    Nt1310 Unit 1 Assignment

    • 4104 Words
    • 17 Pages

    However, there is growing interest in protocols and other mechanisms for use with novel telecommunications services. Next-generation value-added services are bound to introduce new vulnerabilities. The interaction between all these communications and security protocols, and the mechanisms used for distributed systems security, is fertile ground for both interesting research. Ways to enhance these protection tools to make sure our technology is safe from IT attacks are evolving all the time. The systems or measures used to protect a company system at present might not be of any use in the future as technology is always enhancing to higher levels. Telecommunication businesses tend to be comparatively adept at managing information security risks. And many are taking action to achieve an enhanced level of ongoing insight and intelligence into ecosystem vulnerabilities and dynamic threats. Companies like Celcom must be ready to invest in this expensive research so as to be able to aggressively compete in the intense telecommunication market and to be able to sustain itself in this industry. Today, information security is a discipline that demands advanced technologies and processes, a skill set based on counterintelligence techniques, and the unwavering support of top executives. As telecom operators become more similar to technology companies, they will face a raft of new challenges. Core practices like employee awareness and training, policies and tools to reduce insider risks, and protection of data, including intellectual property, will need to be updated. The confluence of mobility, cloud, and social networking have multiplied risks, yet few operators have addressed these threats or deployed technologies that monitor user and network activity to provide insight into ecosystem vulnerabilities and threats. These…

    • 4104 Words
    • 17 Pages
    Powerful Essays
  • Good Essays

    This file includes ENG 302 Week 4 Individual Assignment: Postwar Emerging Issues in Literature Paper…

    • 486 Words
    • 2 Pages
    Good Essays
  • Good Essays

    week4paper

    • 746 Words
    • 3 Pages

    Preparing to conduct business Research: Part 3October 27, 2014University of PhoenixPreparing to conduct business Research: Part 3 Quantitative will become the primary research design…

    • 746 Words
    • 3 Pages
    Good Essays
  • Better Essays

    Week 4 journal

    • 849 Words
    • 4 Pages

    Journal Assignment: Budgets play a critical role in management activities such as planning, controlling, and motivating employees. Used effectively, budgets can help a company achieve its goals and create a productive work environment. In contrast, budgets can also create a hostile work environment. Watch this video about budgets and employee morale and then reflect upon your own work experiences. Explain how budgeting was incorporated to achieve the company’s overall goals and objectives. Reflect on whether or not the budgets were effectively applied and whether your experience was positive or negative.…

    • 849 Words
    • 4 Pages
    Better Essays
  • Good Essays

    Week 10 Essay

    • 397 Words
    • 2 Pages

    The principle states that if a sequence of m outcomes can occur in such a way that the first outcome can occur in n1 ways, the second can occur in nm ways, then the number of ways that is sequence can result…

    • 397 Words
    • 2 Pages
    Good Essays
  • Powerful Essays

    Access Control Lists

    • 3039 Words
    • 13 Pages

    This report will look at various access control methods used by Operating Systems (OS) to control user access to files on a computer and what they can do once they have gained access. In this first section I will look at methods such as Access Control Lists(ACL’s), Capabilities and Encrypting file systems(EFS) and which Operating Systems use these as well as the advantages and disadvantages they have over each other. The second part of my report will focus on one OS and explain in detail the methods it uses to control file access and how it works.…

    • 3039 Words
    • 13 Pages
    Powerful Essays
  • Satisfactory Essays

    4th Quarter Paper

    • 332 Words
    • 2 Pages

    Federalism and Checks and Balances limits the powers of national government. Federalism is used to separate the power between state and national government. Federalism limits the power of the national government by dividing power between national and state governments. By doing this it limits the authority of the national government. The US uses a system in which state and federal governments work together to enforce policies. By the state and federal government working together it limits the national government. For example, President Obama may want to know what the state government believes. Therefore his power is limited to the states.…

    • 332 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Week 5 Journal

    • 770 Words
    • 4 Pages

    I have witnessed the stages of conflict in my relationships on a daily basis, especially when it comes to my sixteen year old daughter and her attitude, we often disagree. Our greatest challenge that we deal with the most is trying to manage her diabetes in public. Lately she has gained this attitude of she knows what is best for her. She wants to be independent and thinks that she does not need my guidance or opinion. Often times, this cause a power struggle between the child and the parent. In reality, she does not see a problem with her managing it alone. In the past, allowing her to self-manage her diabetes caused an increase in her A1-C. We resolved the problem by coming to a verbal agreement. I came up with a plan that would allow me to be trusting and for her to feel independent. The idea is for her to check her blood sugar levels with her testing kit and every Thursday we will get together and review the numbers. She had to agree with sitting down and discussing any changes that needs to be made without conflict. We both have agreed to meet one another half way and work together to ensure her health as a team.…

    • 770 Words
    • 4 Pages
    Good Essays
  • Good Essays

    Week 5 Research Paper

    • 1014 Words
    • 3 Pages

    I have been through so many experiences with sales representatives but as well as everyone else in the world who buys goods or services from someone else. You meet different kind of salespeople anywhere where you go. They’re motives can be because they are working on commission meaning their paycheck is reflected on the amount of product or service they sell or they are just trying to be as helpful to you as possible because they like what they do. For whatever, reason it may be the goal is always to find and sell what the consumer wants. I have worked in retail in the past selling coffee for people. I did not have any experience in selling prior to the coffee shop job but the job teaches you how to sell their product. So, I have an idea how the sales representatives are going to be like and the basic structure, which brings me to one of my memorable experiences with a sales representative. I was looking for a present for my girlfriend for our anniversary. I know already that she likes this one particular brand so I went to that store. The usual greeting the moment I got in the store, “Hello, please let us know if there is anything we could help you in.” I looked around the store and stopped at their jewelry case. I have been standing there for about five minutes before a sales representative came up to me. She asked if there was anything she can help me with. I told her why I was there. The sales representative started to ask me a couple of follow up questions such as the time of the anniversary, whether my girlfriend like silver or gold, and the clothes she wears. After, answering all her questions she showed me a couple of necklaces and rings as an idea for a present. I liked all of them but I told her none of those feel right to get. Then, she asked me my feelings towards a particular product and it from there she brought out watches and bracelets. From those questions that was asked from me she pinpointed what I was looking for before…

    • 1014 Words
    • 3 Pages
    Good Essays
  • Good Essays

    Week 5 Paper

    • 803 Words
    • 4 Pages

    Climate change; the gradual shift in weather patterns throughout the planet attributed to the use of fossil fuels used by humanity to make life more convenient and comfortable. People have been the stewards of the planet for roughly 200,000 years of which, the past 150 years would be classified as America’s peak industrialization, but this is a global issue and many nations have only recently begun their foray into industrialization, like China, India, Dubai, Saudi Arabia, Iran, etc.…

    • 803 Words
    • 4 Pages
    Good Essays
  • Good Essays

    related accounting

    • 10421 Words
    • 42 Pages

    precise means of measurement. This term is used for an amount measured at fair value…

    • 10421 Words
    • 42 Pages
    Good Essays
  • Good Essays

    A group may be defined as two or more people who interact to accomplish either individual or mutual goals.…

    • 4679 Words
    • 19 Pages
    Good Essays
  • Powerful Essays

    Voice Recognition

    • 1843 Words
    • 8 Pages

    This project allows a organization or academic institute to overcome the problem of proxy to a great extend.…

    • 1843 Words
    • 8 Pages
    Powerful Essays