Premium Essay

Auditing Local Area Network

In:

Submitted By aguthrie
Words 1201
Pages 5
NIST
The purpose of this publication is to provide organizations with recommendations for improving the Security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. The scope of this publication is limited to unclassified wireless networks and unclassified facilities within range of unclassified wireless networks. This publication supplements other NIST publications by consolidating and strengthening their key recommendations, and it points readers to the appropriate NIST publications for additional information (see Appendix C for the full list of references and Appendix A for a list of major security controls relevant for WLAN security). This publication does not eliminate the need to follow recommendations in other NIST publications, such as [SP800-48] and [SP800-97]. If there is a conflict between recommendations in this publication and another NIST wireless publication, the recommendation in this publication takes precedence.
NIST Special Publication 800-53 is part of the Special Publication 800-series that reports on the Information Technology Laboratory’s (ITL) research, guidelines, and outreach efforts in information system security, and on ITL’s activity with industry, government, and academic organizations.
Specifically, NIST Special Publication 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in Federal Information Processing Standard (FIPS) 200. This includes selecting an initial set of baseline security controls based on a FIPS 199 worst-case impact analysis, tailoring the baseline security controls, and supplementing the security controls based on an organizational assessment of risk. The security rules cover 17 areas including access control,

Similar Documents

Free Essay

Auditing It Infrastructures for Compliance

...and combine them into one final report. These reports will consist of: - The two auditing frameworks or hardening guidelines / security checklists used by the DoD. - How a security assessment addressing modern day risks, threats, and vulnerabilities throughout the 7-domains of a typical IT infrastructure can help an organization achieve compliance. - How to gather and obtain needed information to perform a GLBA Financial Privacy & Safeguards Rules compliance audit and what must be covered. - The top workstation domain risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to prevent these issues from happening. - The top LAN – to – WAN risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to how we can prevent these issues from happening. - The top Remote Access Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues. - The top Systems / Application Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues. Part 1: Purpose: The purpose of part 1 for this lab is to develop an executive summary in regards to either the two auditing frameworks or hardening guidelines/security checklists used by the DoD. For this, I have chosen to discuss the two auditing frameworks. Background: A little background about the AF (Auditing Framework) for the DoD is that it provides a foundation for developing and representing...

Words: 2140 - Pages: 9

Premium Essay

Security Policy Outline

...Richman Investments – Multi-layered Security Solutions Outline In today’s technological landscape, securing information is a high priority. There are many ways that a company’s assets can be compromised. In order to maintain a high level of confidence in the safety of information, actions to secure each domain in the network structure shall be implemented and observed. The following outline shows the strategies taken to mitigate risks, threats and vulnerabilities. This outline is subject to change at any time if the situation arises that new risks and threats are revealed. This outline will be subjected to monthly auditing to ensure the highest level of security. The layers of security that will be covered are as follows: 1. User Domain 2. Workstation Domain 3. LAN (Local Area Network) Domain 4. LAN-to-WAN (Wide Area Network) Domain 5. WAN Domain (Internet and Connectivity) 6. Remote Access Domain 7. System/Application Domain 1. User Domain a) Conduct security training for new associates and vendors who are being allowed onto the network. b) Develop an Acceptable Use Policy (AUP) c) Auditing of user activities on company assets 2. Workstation Domain a) Disable peripheral devices such as USB’s and CD’s from being used at workstations b) Enable password protection. Require passwords to meet complexity standards. c) Enable automatic antivirus scans d) Enable content filtering 3. LAN Domain a) Ensure wiring...

Words: 585 - Pages: 3

Premium Essay

Lan - to - Wan Domain

...Michael Bearcroft Week 4 Lab 2 Part 1 Introduction The LAN-to-WAN Domain provides Internet access for the entire organization and acts as the entry/exit point for the wide area network (WAN). This domain is where all data travels into and out of the IT infrastructure. There are many threats and risks here, as the attack could come from inside the network or it could be trying to get into the network. Threats With this domain as the buffer between two other domains it gets the majority of the traffic through it. Some of the treats, risks, and vulnerabilities are as follows. Threats from people, this could be misconfigured equipment, equipment not being used correctly, unauthorized use, use of personally owned software/hardware. There are also viruses, Trojans, and network worms that can inflict damage on the network. Some of the physical threats are fire, water, electrical disturbances, and hardware failures. Mitigation Here is some of the ways in which the threats to the domain can be mitigated. Security training for the employees, so they will know what to do in specific scenarios. Security training is mandated by the Computer Security Act of 1987, so it’s not just a good idea but a requirement. Strict personnel screening by the HR department will also screen out any personnel that could cause issues in the future. User Identification and authentication is another way to keep the LAN – to – WAN domain safe. Another important safeguard is encryption, if the information...

Words: 904 - Pages: 4

Premium Essay

Lab 8

...laptop is stolen (Kim & Solomon, 2012). • Multiple logon retries and access control attacks (Kim & Solomon, 2012). 2. What default configuration should be placed on host-based firewalls when accessing the network remotely? The deny-by-default rulesets for incoming traffic should be placed on host-based firewalls when accessing the network remotely to prevent malware incidents (Wikia, n.d.). 3. What risks, threats, and vulnerabilities are introduced by implementing a Remote Access Server? Risks, threats, and vulnerabilities introduced by implementing a Remote Access Server are: • External hosts gain access to internal resources (Scarfone, Hoffman, & Souppaya, 2009) • An unauthorized user eavesdrops on remote access communications and manipulate them using a compromised server (Scarfone, Hoffman, & Souppaya, 2009) • Partially patched remote access servers (Scarfone, Hoffman, & Souppaya, 2009) 4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service? Using multi-factor authentication is a recommended best practice when implementing a Remote Access Policy server user authentication service (Scarfone, Hoffman, & Souppaya, 2009). 5. What is a Remediation LAN? A Remediation Local Area Network (LAN) is a network with devices like a Remediation Server that quarantines non-compliant computers from an...

Words: 917 - Pages: 4

Premium Essay

Computer Security

... Foundations of Network Security Fundamentals of Network Security 2 Firewall Fundamentals 43 VPN Fundamentals 79 Network Security Threats and Issues 111 CHAPTer Fundamentals of Network Security 1 C OMPUTER NETWORK SECURITY is very complex. New threats from inside and outside networks appear constantly. Just as constantly, the security community is always developing new products and procedures to defend against threats of the past and unknowns of the future. As companies merge, people lose their jobs, new equipment comes on line, and business tasks change, people do not always do what we expect. Network security configurations that worked well yesterday, might not work quite as well tomorrow. In an ever-changing business climate, whom should you trust? Has your trust been violated? How would you even know? Who is attempting to harm your network this time? Because of these complex issues, you need to understand the essentials of network security. This chapter will introduce you to the basic elements of network security. Once you have a firm grasp of these fundamentals, you will be well equipped to put effective security measures into practice on your organization’s network. While this textbook focuses on general network security, including firewalls and virtual private networks (VPNs), many of the important basics of network security are introduced in this chapter. In Chapters 1–4, network security fundamentals...

Words: 16205 - Pages: 65

Premium Essay

Research

...Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States SEVENTH EDITION Data Communications and Computer Networks A Business User’s Approach Curt M. White DePaul University Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Data Communications and Computer Networks: A Business User’s Approach, Seventh Edition Curt M. White Editor-In-Chief: Joe Sabatino Senior Acquisitions Editor: Charles McCormick, Jr. Senior Product Manager: Kate Mason Editorial Assistant: Courtney Bavaro Marketing Director: Keri Witman Marketing Manager: Adam Marsh Senior Marketing Communications Manager: Libby Shipp Marketing Coordinator: Suellen Ruttkay Media Editor: Chris Valentine Art and Cover Direction, Production Management, and Composition: PreMediaGlobal Cover Credit: © Masterfile Royalty Free Manufacturing Coordinator: Julio Esperas © 2013 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means—graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act—without the prior written permission of the publisher. For product information and technology assistance...

Words: 234459 - Pages: 938

Premium Essay

Capstone Project

...ITT Capstone Project NT2799: Network Systems Administration | Donna Williamson, Andy Lara, Mary Hunter, Carlos Vargas, Matt Koppe, Morten Laigaard Donna Williamson, Andy Lara, Mary Hunter, Carlos Vargas, Matt Koppe, Morten Laigaard Table of Contents Part 1: Structure of WAN2 Part 2: Types of Equipment7 Part 3: Protocol Choices25 Part 4: Phone System73 Part 5: Security Proposal78 References89-92 Part 1 Structure of WAN Structure of WAN- Mary Hunter We have initially considered our LAN components and began our documentation. We have planed the design and determined all resources involved. We have considered and interviewed all the stakeholders involved. We are in the beginning stage, so the components, resources, stakeholders and design may change. We will use switches to connect hosts to the internetwork, and both hubs and switches will be used to interconnect devices in our star network architecture. This way if we need to add workstations we will only have to insert another hub or switch. All of ABC worldwide offices will include file services, print services, message services, directory services, and application services. All of the offices will have the use of a file server for file sharing backing up files and storage. They will have access to a print server that will include Queue-based printing and print sharing; a message server that will allow for e-mails with attachment files, including video, sound, and documents. All the offices will have access to a...

Words: 13943 - Pages: 56

Premium Essay

Implementing Corporate Computing

...requires newer application with short response times while increasing overall productivity. (Business Data Communications, Sixth Edition, 2009, p. 58). The corporation will have to decide whether they require a LAN, Local Area Network, if the corporation only needs their network to share resources within a building, (Local Area Network Technologies, 2012). The corporation may want to use MAN, Metropolitan Area Network, if they have multiple building that need to share a network. An example would be a college campus. (Metropolitan Area Network, 2012). The information requirement of management leads us to the three points of the initial roll out phase and network security. The points of initial roll out are plan, analyze, and implementation. (eWeek, 2004). The first point of initial roll out is plan. The planning process is a very critical part of the roll out process. During the planning point, this is where the developers have to take in consideration the growth and acceleration of the computer industry and how this growth effects the computing and information service needs for large corporations. The corporate computing world demands environments that “ uses client/server computing with intelligent graphical desktops and workstations, which communicate with local and divisional personal computing with intelligent, graphical desktops and workstations,” (Microsoft Tech Net, 2012). These workstation need to also be able to communicate with the...

Words: 757 - Pages: 4

Premium Essay

Millbrook Common Lan Design

...LAN Design The network design for Millbrook Commons Community (MCC) contains two smaller LANs that are a part of one large network called a metropolitan area network (MAN). They will be divided into the residential LAN and the Main Complex LAN. These two LANs will then be divided even further into virtual private networks (VPNs). This is known as a hierarchical design. Due to geographical restrictions it is not possible for the LANs to physically connect to each other (using cables) so they will communicate via microwave using WiMax technology. Luckily, both LANs that are to be installed are within sight of each other. Otherwise, we would have to seek alternate means. The WAN section explains the technologies that will be used in further detail. There will also be smaller networks that are centralized around people rather than physical locations. These even smaller networks are called Personal Area Networks (PAN). The PANs will also be able to connect to the larger networks wirelessly. This design will provide MCC with the coverage and service needed to give their residents the best quality of life possible. This hierarchical design is flexible and manageable so that if changes are necessary in the future, they can be accommodated without expensive upgrades. If additions are made to the facilities in the future, adding network nodes is easy and simple. Physical layout The first MCC LAN we will discuss is the residential LAN; there will be two LANs total. The topology...

Words: 2237 - Pages: 9

Premium Essay

Internal Use Only Classification

...Unit 1 Assignment 2: Impact of a Data Classification Standard Course Name & Number: NT2580 Introduction to Information Security Learning Objectives and Outcomes * You will learn how to determine the impact of a data classification standard on an organization's IT infrastructure. Assignment Requirements You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the “Internal Use Only” data classification standard of Richman Investments. Write this report addressing which IT infrastructure domains are affected by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. Your report will become part of an executive summary to senior management. Required Resources None Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: Chicago Manual of Style * Length: 1–2 pages * Due By: Unit 2 Self-Assessment Checklist * I have identified at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. * In my report, I have included details on how those domains are affected. Internal Use Only The term “internal use only” is a term that refers to information or data that could also include communications are...

Words: 835 - Pages: 4

Premium Essay

Integrative Network Design

...Integrative Network Design NTC 362 Integrative Network Design This project will consist of five different phases totaling a timeline of six months. The first month will be the planning phase. This phase will have a deadline no longer than 30 days. After the first 30 days, the second phase will take into effect, which is the installation phase. This phase will also have a timeline of no more than 30 days. The Third Phase will be the longest phase of a timeline of 60 days. The third phase will be the testing phase. The testing phase is important because this is the troubleshooting phase. Troubleshooting is important to ensuring the new system is running up to optimal standards. The fourth phase will have a deadline of 30 days. The fourth phase is the Training Phase, and our trainers only need a month to convert the needed employees to the new system. The Fifth and Final Stage is our Final Evaluation/Lessons Learned Stage. At this point, the system is at full running operation, and for the last month the system will be ready for a full evaluation. Riordan Manufacturing is a fast growing business, and has grown into a large fortune 1000 company. As they grew into this large company they have been encountering problems with lost or misplaced material. As of now Riordan’s material is manually tracked by paper and pen by employees then entered into a database by an inventory clerk at the end of the day. This is causing them to misplace customer packages resulting in unhappy...

Words: 2910 - Pages: 12

Premium Essay

Networks

...TYPES OF COMPUTER NETWORKS Maninder Kaur professormaninder@gmail.com What is Network? • A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. • The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams. Different Types of Networks • Depending upon the geographical area covered by a network, it is classified as: – Local Area Network (LAN) – Metropolitan Area Network (MAN) – Wide Area Network (WAN) – Personal Area Network (PAN) Local Area Network (LAN) • A LAN is a network that is used for communicating among computer devices, usually within an office building or home. • LAN’s enable the sharing of resources such as files or hardware devices that may be needed by multiple users • • Is limited in size, typically spanning a few hundred meters, and no more than a mile • Is fast, with speeds from 10 Mbps to 10 Gbps • Requires little wiring, typically a single cable connecting to each device • Has lower cost compared to MAN’s or WAN’s Local Area Network (LAN) • LAN’s can be either wired or wireless. Twisted pair, coax or fibre optic cable can be used in wired LAN’s. • Every LAN uses a protocol – a set of rules that governs how packets are configured and transmitted. • Nodes in a LAN are linked together with a certain topology. These topologies include: – Bus – Ring – Star ...

Words: 611 - Pages: 3

Free Essay

Decoupling the Ethernet from Replication in Flip-Flop Gates

...hierarchical databases can be made multimodal, autonomous, and symbiotic, but rather on exploring a linear-time tool for investigating context-free grammar (Undergo). Table of Contents 1) Introduction 2) Architecture 3) Implementation 4) Performance Results 4.1) Hardware and Software Configuration 4.2) Experiments and Results 5) Related Work 6) Conclusion 1 Introduction Unified perfect methodologies have led to many intuitive advances, including voice-over-IP and neural networks. The usual methods for the evaluation of DHTs do not apply in this area. A practical issue in electrical engineering is the refinement of the lookaside buffer. However, IPv7 alone is able to fulfill the need for the exploration of courseware. We disprove that the seminal ambimorphic algorithm for the development of B-trees by Takahashi [2] follows a Zipf-like distribution. But, indeed, DHTs and e-business have a long history of interfering in this manner. Indeed, Lamport clocks and local-area networks have a long history of interacting in this manner. We emphasize that Undergo allows B-trees. It should be noted that our system prevents linear-time methodologies. Obviously, we see no reason not to use unstable methodologies to measure the improvement of the Ethernet. Although such a hypothesis might seem perverse, it is supported by related work in the field. A compelling method to solve this quandary is the exploration of vacuum tubes. We emphasize that Undergo...

Words: 2111 - Pages: 9

Premium Essay

Networking

...Networking When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable the sharing of files and information between multiple systems. The Internet could be described as a global network of networks. Computer networks can be connected through cables, such as Ethernet cables or phone lines, or wirelessly, using wireless networking cards that send and receive data through the air. LAN - Local Area Network A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings. InTCP/IP networking, a LAN is often but not always implemented as a single IP subnet. In addition to operating in a limited space, LANs are also typically owned, controlled, and managed by a single person or organization. They also tend to use certain connectivity technologies, primarily Ethernet and Token Ring WAN - Wide Area Network As the term implies, a WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth. A WAN is a geographically-dispersed collection of LANs. A network device called a routerconnects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address. A WAN differs from a LAN in several important ways. Most WANs (like the Internet) are not owned by...

Words: 719 - Pages: 3

Premium Essay

Computer Hardware and Software

...choice of networks against all electronic threats. Networking hardware is hardware that is used to help work stations connect to a server. Although there are many different kinds of hardware like bridges, network cards the networking hardware that I have chosen to use in within my company’s network are routers, firewalls and switches. Using both routers and firewalls will help protect not only wireless networks but also those networks that use Ethernet cabling. I chose this hardware because I felt that it’s the best hardware to use when keeping my company’s network safe. The software that I have chosen to use is McAfee Anti-virus security software. This software along with the firewall will keep my company’s network safe and secure. Routers along with firewalls are the top network security hardware needed when it comes to keeping a network almost if not all totally secure. The firewall blocks out any unwanted activity as well block hackers from possibly hacking into our networks and stealing important information that pertains to our company and its customers. Along with the router and firewall networking software also plays a major part. The software is what the firewall uses to create its security barrier over the network. McAfee is one of the top manufacturers when it comes to network security. This software enables the use of not only the internet’s firewall but also the ability to detect viruses, anti-spyware upon the network, indicates safety of website upon network by color...

Words: 1488 - Pages: 6