...#8 | Design a Layered Security Strategy for an IP Network Infrastructure Lab #8 – Assessment Worksheet Design a Layered Security Strategy for an IP Network Infrastructure Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you designed a layered security strategy, similar to the seven domains of a typical IT infrastructure, for the Cisco Mock IT infrastructure shown in Figure 8.2. You based your design on a set of functional and technical requirements. You also provided a written functional overview and description of how your security strategy meets the defined requirements. Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? 3. What recommendations do you have for the future e-commerce server and deployment in regard to physical location and backend security for privacy data and credit card data? 4. What recommendations do you have to secure the server farm from unauthorized access? 5. If the organization implemented wireless LAN (WLAN) technology, what would you recommend regarding the use of VPNs or encryption within the internal network when accessing the server farm? 6. What is the purpose of a proxy server on a DMZ? 7. What is the purpose of an IDS/IPS on a DMZ...
Words: 314 - Pages: 2
...accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined by policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? DACL means discretionary access control list and it is a type of access control defined by the trusted computer system evaluation criteria. 2. Why would you add permissions to a group instead of the individual...
Words: 1428 - Pages: 6
...IS 3220 IT Infrastructure Security Project Part 1: Network Survey Project Part 2: Network Design Project Part 3: Network Security Plan ITT Technical Institute 8/4/15 Project Part 1: Network Survey Network Design and Plan Executive Summary: We have been engaged in business for some time, and have been very successful, however we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of host, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these problems could be mitigated by appropriate education in “hacker thinking” for technical staff. We will take a look at our security on routers and switches to make sure there are no leakages of data traffic. OBJECTIVE We have identified that we have lost some major accounts to competitors whose bids have been accurately just under our bid offers by exact amounts. We also believe due to shared reporting and public Web site functions that our Web servers have been compromised and our RFP documents have been leaked to competitors which enabled them to under bid us. We want to mitigate Web threats in the future; we realize the web is a mission critical business tool. We want to purchase new products and services, that will give us an edge and better...
Words: 3355 - Pages: 14
...1. What are some common risks, threats, and vulnerabilities commonly found in the Remote Access Domain that must be mitigated through a layered security strategy? Some common risks, threats, and vulnerabilities commonly found in the Remote Access Domain that must be mitigated through a layered security strategy are: • Private data or confidential data is compromised remotely (Kim & Solomon, 2012). • Unauthorized remote access to IT systems, applications, and data (Kim & Solomon, 2012). • Mobile worker laptop is stolen (Kim & Solomon, 2012). • Multiple logon retries and access control attacks (Kim & Solomon, 2012). 2. What default configuration should be placed on host-based firewalls when accessing the network remotely? The deny-by-default rulesets for incoming traffic should be placed on host-based firewalls when accessing the network remotely to prevent malware incidents (Wikia, n.d.). 3. What risks, threats, and vulnerabilities are introduced by implementing a Remote Access Server? Risks, threats, and vulnerabilities introduced by implementing a Remote Access Server are: • External hosts gain access to internal resources (Scarfone, Hoffman, & Souppaya, 2009) • An unauthorized user eavesdrops on remote access communications and manipulates them using a compromised server (Scarfone, Hoffman, & Souppaya, 2009) • Partially patched remote access servers (Scarfone, Hoffman, & Souppaya, 2009) 4. What is a recommended best practice when implementing a Remote Access Policy...
Words: 917 - Pages: 4
...Darrel Smith IT255 11/29/2011 Research Assignment 2 A sound security plan is the first step towards a multi-layer defense. To develop a plan, the company must assess its most important assets; identify vulnerabilities as well as the infrastructure and technology most appropriate for mitigating risk, then implement a strategy for putting the plan in action. Emails are prime examples. It has become a critical business communications tool and is also a primary conduit for malicious code. Protecting emails against viruses, worms, spam, Trojan horses, phishing attacks and other threats requires a variety of security technologies. These include antivirus and antispyware software, content filtering, and firewalls. Such security technologies must be installed at various levels of the infrastructure, such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop. The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution works together with the email program to provide a greater degree of protection against...
Words: 1445 - Pages: 6
...Worksheet Design a Layered Security Strategy for an IP Network Infrastructure Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers. The innermost firewall blocks access into the intranet while allowing internal users to access the information on the servers. 3. What recommendations do you have for the future e-commerce server and deployment in regards to physical location and back-end security for privacy data and credit card data? I would place the e-commerce server in the DMZ with the private and credit card data stored inside the internal network. The...
Words: 475 - Pages: 2
...Part 1 Part 1: Assess and Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from public Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | ...
Words: 1625 - Pages: 7
...Network Documentation LAB 2 Introduction In this lab, you will learn how to use several different applications and interfaces to identify and document an IP network design and schema. Chief among these is PuTTY, which you used in Lab #1. The primary use of PuTTY is to establish Telnet and SSH sessions to remote servers. You will use PuTTY to collect information about those resources. You will also use Wireshark to capture packet data from the sessions you establish with PuTTY. Learning Objectives Upon completing this lab, you will be able to: • Develop a plan for identifying and documenting the logical IP network design and IP addressing schema based on data collected from Lab #1 • Use PuTTY to establish Telnet and SSH to the IP addresses of the identified interfaces on Cisco routers, switches, and firewalls • Use Cisco show commands to display the MAC-layer addresses of Ethernet ports, IP addressing schema, and subnet mask addressing used throughout the IP networking infrastructure • Document the MAC addresses and IP addresses of the IP networking infrastructure • Document the IP host addresses of the VM server farm hosts TOOLS AND SOFTWARE USED (name: more information) Wireshark: http://www.wireshark.org/ PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/ Cisco IOS: http://www.cisco.com/warp/cpropub/45/tutorial.htm Deliverables Upon completion of this lab, you...
Words: 1982 - Pages: 8
...Information Systems Security Strayer University CIS 333 June 18, 2014 David Bevin Information Systems Security The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguard our daily operations which require a combination of both physical and logical access controls to protect medication and funds maintained on the premises and personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are few basic things to be cognizant of as we carry out this task. Security is easiest to define by breaking it into pieces. An information system consists of the hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations. Information systems security is the collection of activities that protect the information system and the data stored in (Kim & Solomon 2012). We should also be aware of what we are up against. Cyberspace brings new threats to people and organizations. People need to protect their privacy. Businesses and organizations are responsible for protecting both their intellectual property and any personal or private data they handle. Various laws require organizations to use security controls to protect private and confidential...
Words: 3283 - Pages: 14
...Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications 300...
Words: 4114 - Pages: 17
...not arbitrary. Principles should enable the business to achieve their strategy and be simple, consistent, flexible, enduring and useful: One bad principle can lead to thousands of bad architectural decisions — principles must be chosen with care. Below are a few examples to inspire. General 1. Non-proliferation of Technology Technical diversity will be controlled in order to reduce complexity. 2. Compliance with Law Compliance with all relevant laws and regulations. 3. Business Continuity The enterprise will be resilient to internal and external threats. 4. Business Alignment Every IT project must be aligned with business goals and strategy. 5. Common Use Solutions Cross-silo solutions are preferred over duplicative silo specific applications, systems and tools. 6. Simple Solutions IT will be as simple as possible. Where complexity is required it will be encapsulated and hidden behind an interface that is as simple as possible. 7. Quality A minimum standard of quality will be maintained despite time to market concerns. 8. Think Globally, Act Locally Solutions will consider the enterprise impact of architectural decisions. 9. Shared Resources Solutions will seek to maximize sharing of resources such as network, computing, storage and data. 10. Protection of Intellectual Property (IP) Patents, copyrights, trade secrets and other IP will be preserved and protected. Data 11. Information Openness Information...
Words: 1508 - Pages: 7
...Protecting Your Network UMUC CSEC 610 April 16, 2015 David Gianna Introduction According to Beaver (2010), to have secure operating systems and applications, you need to have a secure network. Devices such as routers, firewalls, and even generic hosts (including servers and workstations) must be assessed as part of the ethical hacking process. There are thousands of possible network vulnerabilities, equally as many tools, and even more testing techniques. You probably don’t have the time or resources available to test your network infrastructure systems for all possible vulnerabilities, using every tool and method imaginable. Instead, you need to focus on tests that will produce a good overall assessment of your network. Beaver (2010) also states that when you assess your company’s network infrastructure security, you need to look at the following: * Where devices, such as firewalls or IPS, are placed on the network and how they’re configured. * What external attackers see when they perform port scans, and how they can exploit vulnerabilities in your network hosts. * Network design, such as Internet connections, remote access capabilities, layered defenses, and placement of hosts on the network. * Interaction of installed security devices, such as firewalls, IPSes, antivirus, and so on. * What protocols are in use. * Commonly attacked ports that are unprotected. * Network host configurations. * Network monitoring and maintenance...
Words: 2274 - Pages: 10
...continue operating with a neglected IT infrastructure. A plan needs to be prepared to identify every issue with the IT infrastructure. Such a plan should describe actions to eliminate or mitigate the risks, and provide a framework within which the improvement, development and delivery of information technology could be increasingly responsive, stable, and secure in the coming years. Some of the upgrades included on that plan are the following: • Network infrastructure should be upgraded to Gigabit Ethernet, considerably increasing network speed • Port speed needs to be increased from 10 Mbps to 100 Mbps • IDI Internet bandwidth should double immediately and be significantly increased annually from that point forward • Deteriorating network infrastructure components have to be identified, replaced, and upgraded, and network reliability improved through the implementation of greater redundancy • Digital modems should replace the analog modems, improving reliability and connection speed • Wireless network standards need to be developed and implemented, and wireless access needs to be provided to several other locations • A new central directory needs to be created and developed as the authoritative source for identity information and authentication • A state-of-the-art backup system will be implemented for centralized backup of enterprise systems Upgrading IDI’s software is more than just an economic business decision. It is a matter of security, productivity, lower costs, and employee...
Words: 3341 - Pages: 14
...VoIP and IP Telephony: Planning and Implementation Table of Contents: Executive Summary; Legacy Telephony Technology; Public Switched Telephone Network (PSTN); IP Technology Solution Overview; What is VoIP and how it works?; What is IP Telephony?; Benefits of IP Communications over a Converged Intelligent Network; Economy; Flexibility; Resilience; Productivity; Building Blocks of Converged IP Communications Networks; Network Infrastructure; Applications; End Points (Client Devices); Call Processing; Major IP Communications Solutions; IP Telephony; Considerations for Deploying IP Telephony; IP Conferencing; IP Contact Centers; Unified Messaging; Rich Media Communications—Integrated Audio, Video, and Web Conferencing; IP Videoconferencing; IP Video Telephony; Extension Mobility; IP Telephony Applications; Mobility Applications; Softphones/Soft-agents; 802.11a/b/g Wireless LANs and Wireless or Soft IP Phones; Teleworker / Support; Emergency Alerting Applications; Business Continuity / Disaster Recovery; Land and Mobile Radio Convergence; N11 Services—211, 311, 511, 711 Services to Relieve Overburdened 911 Systems; Video/Audio-On-Demand, E-Learning; A "Typical" VoIP Configuration...
Words: 10550 - Pages: 43
...Voip and Ip Telephony Implementations VoIP and IP Telephony: Planning and Implementation Table of Contents: Executive Summary; Legacy Telephony Technology; Public Switched Telephone Network (PSTN); IP Technology Solution Overview; What is VoIP and how it works?; What is IP Telephony?; Benefits of IP Communications over a Converged Intelligent Network; Economy; Flexibility; Resilience; Productivity; Building Blocks of Converged IP Communications Networks; Network Infrastructure; Applications; End Points (Client Devices); Call Processing; Major IP Communications Solutions; IP Telephony; Considerations for Deploying IP Telephony; IP Conferencing; IP Contact Centers; Unified Messaging; Rich Media Communications—Integrated Audio, Video, and Web Conferencing; IP Videoconferencing; IP Video Telephony; Extension Mobility; IP Telephony Applications; Mobility Applications; Softphones/Soft-agents; 802.11a/b/g Wireless LANs and Wireless or Soft IP Phones; Teleworker / Support; Emergency Alerting Applications; Business Continuity / Disaster Recovery; Land and Mobile Radio Convergence; N11 Services—211, 311, 511, 711 Services to Relieve Overburdened 911 Systems; Video/Audio-On-Demand, E-Learning; A "Typical" VoIP Configuration; The Economics of VoIP; Selecting the...
Words: 10553 - Pages: 43