Firewalls: Guidelines and Procedures

Submitted By prmosley
Words 3077
Pages 13

Introduction

Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments. For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as accounting or personnel. By employing firewalls to control connectivity to these areas, an organization can prevent unauthorized access to its systems and resources. Inclusion of a proper firewall provides an additional layer of security (Broida, 2011). This research paper will give a background on firewalls. The background will cover an overview of firewall technologies, the firewall technologies themselves, the common requirements of firewalls, and firewall policies. This paper will also give an analysis of firewalls, which will consist of what I have learned in doing this research and my opinion on the research.
Overview of Firewall Technologies

Several types of firewall technologies are available. One way of comparing their capabilities is to look at the Transmission Control Protocol/Internet Protocol [TCP/IP] layers that each is able to examine. TCP/IP communications are composed of four layers that work together to transfer data between hosts. When a user wants to transfer data across networks, the data is passed from the highest layer through intermediate layers to the lowest layer, with each layer adding more information. The lowest layer sends the accumulated data through the physical network, with the data then passed upwards through the layers to its destination. Simply put, the data produced by a layer is encapsulated in a larger container by the layer below it. The four TCP/IP layers, from highest to lowest, are application layer, transport layer, IP layer, also known as the network layer, and hardware layer, also known as the data link layer. The application layer sends and receives data for particular applications, such as Domain Name System [DNS], Hypertext Transfer Protocol [HTTP], and Simple Mail Transfer Protocol [SMTP]. The application layer itself has layers of protocols within it. The transport layer provides connection-oriented or connectionless services for transporting application layer services between networks, and can optionally ensure communications reliability. Transmission Control Protocol [TCP] and User Datagram Protocol [UDP] are commonly used transport layer protocols. The IP layer routes packets across networks. Internet Protocol version 4 [IPv4] is the fundamental network layer protocol for TCP/IP. Other commonly used protocols at the network layer are Internet Protocol version 6 [IPv6], ICMP, and Internet Group Management Protocol [IGMP]. The hardware layer handles communications on the physical network components. The best known data link layer protocol is Ethernet (Sourour, Adel, & Tarek, 2009).
Addresses at the data link layer, which are assigned to network interfaces, are referred to as media access control [MAC] addresses. An example of this is an Ethernet address that belongs to an Ethernet card. Firewall policies rarely concern themselves with the data link layer. Addresses at the network layer are referred to as IP addresses. The transport layer identifies specific network applications and communication sessions as opposed to network addresses; a host may have any number of transport layer sessions with other hosts on the same network. The transport layer may also include the notion of ports. A destination port number generally identifies a service listening on the destination host, and a source port usually identifies the port number on the source host that the destination host should reply to. Transport protocols such as TCP and UDP have ports, while other transport protocols do not. The combination of source IP address and port with destination IP address and port helps define the session. The highest layer represents end user applications (Sourour, Adel, & Tarek, 2009).
Firewalls can inspect application traffic and use it as the basis for policy decisions. Basic firewalls operate on one or a few layers, typically the lower layers, while more advanced firewalls examine all of the layers. Firewalls that examine more layers can perform more granular and thorough examinations. Firewalls that understand the application layer can potentially accommodate advanced applications and protocols and provide services that are user-oriented. For example, a firewall that only handles lower layers cannot usually identify specific users, but a firewall with application layer capabilities can enforce user authentication and log events to specific users (Sourour, Adel, & Tarek, 2009).
Firewall Technologies

Firewalling is often combined with other technologies, most notably routing. Furthermore, many technologies often associated with firewalls are more accurately part of these other technologies. For example, network address translation [NAT] is sometimes thought of as a firewall technology, but it is actually a routing technology. Many firewalls also include content filtering features to enforce organization policies not directly related to security. Some firewalls include intrusion prevention system [IPS] technologies, which can react to attacks that they detect to prevent damage to systems protected by the firewall (Sourour, Adel, & Tarek, 2009). Firewalls are often placed at the perimeter of a network. Such a firewall can be said to have an external and internal interface, with the external interface being the one on the outside of the network. These two interfaces are sometimes referred to as unprotected and protected, respectively. However, saying that something is or is not protected is often inappropriate because a firewall’s policies can work in both directions. For example, there might be a policy to prevent executable code from being sent from inside the perimeter to sites outside the perimeter (Lihua, 2010).
The most basic feature of a firewall is the packet filter. Older firewalls that were only packet filters were essentially routing devices that provided access control functionality for host addresses and communication sessions. These devices, also known as stateless inspection firewalls, do not keep track of the state of each flow of traffic that passes through the firewall; this means, for example, that they cannot associate multiple requests within a single session to each other. Packet filtering is at the core of most modern firewalls, but there are few firewalls sold today that only do stateless packet filtering. Unlike more advanced filters, packet filters are not concerned about the content of packets. Their access control functionality is governed by a set of directives referred to as a rule set. Packet filtering capabilities are built into most operating systems and devices capable of routing; the most common example of a pure packet filtering device is a network router that employs access control lists. In their most basic form, firewalls with packet filters operate at the network layer. This provides network access control based on several pieces of information contained in a packet, including the packet’s source IP address, the packet’s destination address, and the network or transport protocol being used to communicate between source and destination hosts, such as TCP, UDP, or ICMP (Broida, 2011). Filtering inbound traffic is known as ingress filtering. Outgoing traffic can also be filtered, a process referred to as egress filtering. Here, organizations can implement restrictions on their internal traffic, such as blocking the use of external file transfer protocol [FTP] servers or preventing denial of service [DoS] attacks from being launched from within the organization against outside entities.
Organizations should only permit outbound traffic that uses the source IP addresses in use by the organization, a process that helps block traffic with spoofed addresses from leaking onto other networks. Spoofed addresses can be caused by malicious events such as malware infections or compromised hosts being used to launch attacks, or by inadvertent misconfigurations (Sourour, Adel, & Tarek, 2009). Stateless packet filters are generally vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack. For example, many packet filters are unable to detect when a packet’s network layer addressing information has been spoofed or otherwise altered, or uses options that are permitted by standards but generally used for malicious purposes, such as IP source routing. Spoofing attacks, such as using incorrect addresses in the packet headers, are generally employed by intruders to bypass the security controls implemented in a firewall platform. Firewalls that operate at higher layers can thwart some spoofing attacks by verifying that a session is established, or by authenticating users before allowing traffic to pass. Because of this, most firewalls that use packet filters also maintain some state information for the packets that traverse the firewall (Broida, 2011). Some packet filters can specifically filter packets that are fragmented. Packet fragmentation is allowed by the TCP/IP specifications and is encouraged in situations where it is needed. However, packet fragmentation has been used to make some attacks harder to detect (by placing them within fragmented packets), and unusual fragmentation has also been used as a form of attack. For example, some network-based attacks have used packets that should not exist in normal communications, such as sending some fragments of a packet but not the first fragment, or sending packet fragments that overlap each other. 
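The two malformed patterns just described, a fragment set with no first fragment and fragments that overlap each other, can be checked for without dropping every fragmented packet. The following Python sketch is an added example, not part of the original essay; the Fragment class, the function names and the sample fragment sets are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    """One IPv4 fragment of a datagram; offset and length are in bytes."""
    offset: int           # where this fragment's data sits in the original payload
    length: int           # number of payload bytes carried
    more_fragments: bool  # IPv4 MF flag: True on every fragment except the last


def fragment_anomalies(fragments):
    """Return sorted anomaly names for the fragments collected for ONE datagram
    (same source, destination, protocol and IP identification value).
    Call it once the collection window for that datagram has closed."""
    ordered = sorted(fragments, key=lambda f: (f.offset, f.length))
    if not ordered:
        return []
    anomalies = set()
    # Later fragments arrived, but the one at offset 0 (which carries the
    # transport header and therefore the ports) never did.
    if ordered[0].offset != 0:
        anomalies.add("missing-first-fragment")
    # Walk the fragments in offset order; any fragment that starts before the
    # end of the data already covered overlaps an earlier one. An exact
    # duplicate of a fragment is also reported as an overlap.
    covered_to = ordered[0].offset
    for frag in ordered:
        if frag.offset < covered_to:
            anomalies.add("overlapping-fragments")
        covered_to = max(covered_to, frag.offset + frag.length)
    return sorted(anomalies)


def verdict(fragments):
    """Pass well-formed fragment sets and drop anomalous ones."""
    return "drop" if fragment_anomalies(fragments) else "pass"


# Constructed sample fragment sets (not captured traffic).
SAMPLES = {
    # An encapsulated packet that no longer fits a 1500-byte MTU: legitimate.
    "vpn-oversize": [Fragment(0, 1480, True), Fragment(1480, 72, False)],
    # Only a trailing fragment was ever sent.
    "no-first": [Fragment(1480, 72, False)],
    # The second fragment rewrites the last 8 bytes of the first.
    "overlap": [Fragment(0, 1480, True), Fragment(1472, 80, False)],
    # Both problems at once.
    "both": [Fragment(8, 16, True), Fragment(16, 8, False)],
}


def summarize(samples=SAMPLES):
    """Map each sample name to (verdict, anomalies)."""
    return {name: (verdict(frags), fragment_anomalies(frags))
            for name, frags in samples.items()}


if __name__ == "__main__":
    for name, result in summarize().items():
        print(name, result)
```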
To prevent the use of fragmented packets in attacks, some firewalls have been configured to block fragmented packets (Broida, 2011). Today, fragmented packets on the Internet often occur not because of attacks, but because of virtual private networking [VPN] technologies that encapsulate packets within other packets. If encapsulating a packet would cause the new packet to exceed the maximum permitted size for the medium it will be transmitted on, the packet must be fragmented. Fragmented packets being blocked by firewalls is a common cause of VPN interoperability issues. Some firewalls can reassemble fragments before passing them to the inside network, although this requires additional firewall resources, particularly memory. Firewalls that have this reassembly feature must implement it carefully, otherwise someone can readily mount a denial-of-service attack. Choosing whether to block, reassemble, or pass fragmented packets is a tradeoff between overall network interoperability and full system security. Given this, automatic blocking of all fragmented packets is not recommended because of the legitimate and necessary uses of fragmentation on the Internet (Sourour, Adel, & Tarek, 2009). Stateful inspection improves on the functions of packet filters by tracking the state of connections and blocking packets that deviate from the expected state. This is accomplished by incorporating greater awareness of the transport layer. As with packet filtering, stateful inspection intercepts packets at the network layer and inspects them to see if they are permitted by an existing firewall rule, but unlike packet filtering, stateful inspection keeps track of each connection in a state table. While the details of state table entries vary by firewall product, they typically include source IP address, destination IP address, port numbers, and connection state information (Sourour, Adel, & Tarek, 2009). 
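The difference between judging each packet alone and tracking connections in a state table is easiest to see on a short trace. The Python sketch below is an added example, not part of the original essay; the address ranges, the single "inside hosts may reach outside TCP port 443" policy and the two-state table are simplifying assumptions, and connection teardown and timeouts are left out.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.0.2.0/24")  # constructed internal range (assumption)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN", "ACK"})


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


def stateless_allow(p):
    """Packet filter: every packet is judged alone against the rule set."""
    # Rule 1: inside hosts may open connections to outside HTTPS servers.
    if is_inside(p.src) and not is_inside(p.dst) and p.dport == 443:
        return True
    # Rule 2: let replies back in. With no memory of earlier packets, "reply"
    # can only be approximated as "comes from port 443 with ACK set".
    if (not is_inside(p.src) and is_inside(p.dst)
            and p.sport == 443 and "ACK" in p.flags):
        return True
    return False  # default deny


class StatefulFirewall:
    """Same policy, but inbound packets must match a state table entry."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> connection state
        self.table = {}

    def allow(self, p):
        if is_inside(p.src) and not is_inside(p.dst):
            return self.outbound(p)
        if not is_inside(p.src) and is_inside(p.dst):
            return self.inbound(p)
        return False

    def outbound(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        state = self.table.get(key)
        if state is None:
            # A new flow needs a permitting rule and must start with a bare SYN.
            if p.dport == 443 and p.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if state == "SYN_SENT":
            return p.flags == {"SYN"}  # only a SYN retransmission fits this state
        return "ACK" in p.flags and "SYN" not in p.flags  # ESTABLISHED

    def inbound(self, p):
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED":
            return "ACK" in p.flags and "SYN" not in p.flags
        return False  # no matching entry, or the packet does not fit the state


# Constructed trace: a normal handshake, then two packets that fit no session.
TRACE = [
    ("client SYN", pkt("192.0.2.10", 50000, "198.51.100.7", 443, "SYN")),
    ("server SYN-ACK", pkt("198.51.100.7", 443, "192.0.2.10", 50000, "SYN", "ACK")),
    ("client ACK", pkt("192.0.2.10", 50000, "198.51.100.7", 443, "ACK")),
    ("server data", pkt("198.51.100.7", 443, "192.0.2.10", 50000, "ACK", "PSH")),
    ("unsolicited ACK", pkt("203.0.113.9", 443, "192.0.2.20", 40000, "ACK")),
    ("late SYN-ACK", pkt("198.51.100.7", 443, "192.0.2.10", 50000, "SYN", "ACK")),
]


def compare(trace=TRACE):
    """Return (label, stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(label, stateless_allow(p), fw.allow(p)) for label, p in trace]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The stateless filter passes all six packets because each one matches a rule on its own; the stateful firewall passes the four handshake and data packets and drops the last two, which belong to no tracked connection or do not fit its state.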
A newer trend in stateful inspection is the addition of a stateful protocol analysis capability, referred to by some vendors as deep packet inspection. Stateful protocol analysis improves upon standard stateful inspection by adding basic intrusion detection technology, an inspection engine that analyzes protocols at the application layer to compare vendor-developed profiles of benign protocol activity against observed events to identify deviations. This allows a firewall to allow or deny access based on how an application is running over the network. For instance, an application firewall can determine if an email message contains a type of attachment that the organization does not permit, such as an executable file, or if instant messaging [IM] is being used over port 80, typically used for HTTP (Sourour, Adel, & Tarek, 2009).
Common Requirements of Firewalls

Firewall devices at the edge of a network are sometimes required to do more than block unwanted traffic. A common requirement for these firewalls is to encrypt and decrypt specific network traffic flows between the protected network and external networks. This nearly always involves VPNs, which use additional protocols to encrypt traffic and provide user authentication and integrity checking. VPNs are most often used to provide secure network communications across networks that are not trusted. Another common requirement for firewalls at the edge of a network is to perform client checks for incoming connections from remote users and allow or disallow access based on those checks. This checking, commonly called network access control [NAC] or network access protection [NAP], allows access based on the user’s credentials and the results of performing what is referred to as health checks on the user’s computer. Health checks typically consist of verifying that one or more of the following comply with organizational policy: latest updates to antimalware and personal firewall software, configuration settings for antimalware and personal firewall software, elapsed time since the previous malware scan, patch level of the operating system and selected applications, and/or security configuration of the operating system and selected applications. These health checks require software on the user’s system that is controlled by the firewall. If the user has acceptable credentials but the device does not pass the health check, the user and device may get only limited access to the internal network for remediation purposes (Elfarag, Baith, & Alkhishali, 2009). Although firewalls at a network’s perimeter provide some measure of protection for internal hosts, in many cases additional network protection is required. Network firewalls are not able to recognize all instances and forms of attack, allowing some attacks to penetrate and reach internal hosts.
Attacks sent from one internal host to another may not even pass through a network firewall. Because of these and other factors, network designers often include firewall functionality at places other than the network perimeter to provide an additional layer of security.
Host-based firewalls for servers and personal firewalls for desktop and laptop personal computers [PC] provide an additional layer of security against network-based attacks. These firewalls are software-based and reside on the hosts they are protecting; each monitors and controls the incoming and outgoing network traffic for a single host. They can provide more granular protection than network firewalls to meet the needs of specific hosts (Goldsborough, 2001).
Firewall Policies

A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications, and content types based on the organization’s information security policies. An organization’s firewall policy should be based on a comprehensive risk analysis. Firewall policies should be based on blocking all inbound and outbound traffic, with exceptions made for desired traffic. Policies should take into account the source and destination of the traffic in addition to the content. Many types of IPv4 traffic, such as that with invalid or private addresses, should be blocked by default. Organizations should have policies for handling incoming and outgoing IPv6 traffic. An organization should determine which applications may send traffic into or out of its network and make firewall policies to block traffic for other applications (Khakpour & Jalili, 2009).
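A policy of this shape (deny everything, list the exceptions, reject invalid or private source addresses on the way in, and let out only traffic sourced from the organization's own addresses) can be written as a small rule evaluator. The Python sketch below is an added example, not part of the original essay; the organization prefixes, server addresses and allowed services are constructed assumptions taken from documentation address ranges.

```python
import ipaddress


def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# Assumption: the organization's own address space (documentation prefixes).
ORG = nets("198.51.100.0/24", "2001:db8:100::/48")

# Source addresses that should never arrive from outside: unspecified,
# private, loopback, link-local, multicast and reserved ranges.
INVALID_SOURCES = nets(
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)

# Exceptions to default deny (constructed):
# (direction, protocol, destination port, destination networks or None, label)
ALLOW = [
    ("in", "tcp", 443, nets("198.51.100.10/32", "2001:db8:100::10/128"),
     "public web server"),
    ("in", "tcp", 25, nets("198.51.100.25/32"), "mail gateway"),
    ("out", "tcp", 443, None, "outbound HTTPS"),
    ("out", "udp", 53, None, "outbound DNS"),
]


def in_any(ip, networks):
    """True if ip falls inside any network of the same IP version."""
    return any(ip.version == n.version and ip in n for n in networks)


def decide(direction, src, dst, proto, dport):
    """Return (allowed, reason) for one packet crossing the perimeter."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        # Ingress: source addresses that cannot be genuine are dropped first.
        if in_any(src_ip, INVALID_SOURCES):
            return (False, "invalid or private source")
        if in_any(src_ip, ORG):
            return (False, "internal source arriving from outside")
    elif direction == "out":
        # Egress: only the organization's own source addresses may leave.
        if not in_any(src_ip, ORG):
            return (False, "source address not in use by the organization")
    else:
        raise ValueError("direction must be 'in' or 'out'")
    for rule_dir, rule_proto, rule_port, rule_dst, label in ALLOW:
        if ((direction, proto, dport) == (rule_dir, rule_proto, rule_port)
                and (rule_dst is None or in_any(dst_ip, rule_dst))):
            return (True, label)
    return (False, "default deny")


# Constructed sample packets: (direction, src, dst, protocol, destination port).
SAMPLES = [
    ("in", "203.0.113.5", "198.51.100.10", "tcp", 443),
    ("in", "10.1.2.3", "198.51.100.10", "tcp", 443),
    ("in", "198.51.100.77", "198.51.100.10", "tcp", 443),
    ("in", "203.0.113.5", "198.51.100.10", "tcp", 22),
    ("out", "198.51.100.40", "203.0.113.5", "tcp", 443),
    ("out", "192.168.1.5", "203.0.113.5", "tcp", 443),
    ("in", "2001:db8:200::5", "2001:db8:100::10", "tcp", 443),
    ("in", "fe80::1", "2001:db8:100::10", "tcp", 443),
]


def evaluate(samples=SAMPLES):
    return [decide(*s) for s in samples]


if __name__ == "__main__":
    for sample, result in zip(SAMPLES, evaluate()):
        print(sample, "->", result)
```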
Analysis of Firewalls

Firewalls are commonly used in most organizations. In researching firewalls, I discovered that utilizing a firewall is like project management. There are steps that need to be taken when implementing a firewall. I wasn't aware that planning and implementing a firewall are such in-depth procedures. As with any new technology deployment, firewall planning and implementation should be addressed in a phased approach. A successful firewall deployment can be achieved by following a clear, step-by-step planning and implementation process. The use of a phased approach for deployment can minimize unforeseen issues and identify potential pitfalls early on. The firewall planning and implementation process includes planning, configuring, testing, deploying and managing. The planning phase involves identifying all requirements that an organization should consider when determining which firewall to implement to enforce the organization’s security policy. The configuring phase involves all facets of configuring the firewall platform. This includes installing hardware and software as well as setting up rules for the system. The testing phase involves implementing and testing a prototype of the designed solution in a lab or test environment. The primary goals of testing are to evaluate the functionality, performance, scalability, and security of the solution, and to identify any issues, such as interoperability, with components. Once testing is completed and all issues are resolved, the next phase focuses on deployment of the firewall into the enterprise. Finally, after the firewall has been deployed, it is managed throughout its lifecycle to include component maintenance and support for operational issues. This lifecycle process is repeated when enhancements or significant changes need to be incorporated into the solution (Uribe & Cheung, 2007). There has been extensive research done on firewalls.
I think as long as technology continues to strive, the implementation of firewalls will steadily increase.
Conclusion

Utilizing firewalls can be very beneficial to organizations, if implemented correctly. All required steps in implementing a firewall should be carefully followed, in order to eliminate chances of human errors in implementing the firewall. One mistake can cause major problems for an organization. Organizations should only permit outbound traffic that uses the source IP addresses in use by the organization. In general, a firewall should fit into a current network’s layout.
Different common network architectures lead to very different choices for where to place a firewall, so an organization should assess which architecture works best for its security goals. In some environments, putting one firewall behind another may lead to a desired security goal, but in general such multiple layers of firewalls can be troublesome (Broida, 2011).

References
Broida, R. (2011). Minimize Security Software Headaches. PC World, 29(12), 112.
Elfarag, A., Elfarag, A., Baith M., A. A., & Alkhishali, H. H. (2009). Description and Analysis of Embedded Firewall Techniques. World Academy Of Science, Engineering & Technology, 58, 421-426.
Goldsborough, R. (2001). Keeping Hackers Away With Personal Firewalls. Teacher Librarian, 29(2), 40.
Jyostna, K. K., & Padmaja, V. V. (2011). Secure Embedded System Networking: An Advanced Security Perspective. International Journal Of Engineering Science & Technology, 3(5), 3854-3862.
Khakpour, N., & Jalili, S. (2009). Verification of Distributed Firewalls Configuration vs. Security Policies Using ALCQI(D). Applied Artificial Intelligence, 23(10), 945-975. doi:10.1080/08839510903208088
Sourour, M., Adel, B., & Tarek, A. (2009). Ensuring security in depth based on heterogeneous network security technologies. International Journal Of Information Security, 8(4), 233-246. doi:10.1007/s10207-009-0077-2
Uribe, T. E., & Cheung, S. (2007). Automatic analysis of firewall and network intrusion detection system configurations. Journal Of Computer Security, 15(6), 663-687.

Similar Documents

Premium Essay

Nt2580- Project Part 1

...setup. f. Restrict access for users to only applications, data and systems needed to perform their job. g. Monitor and track employee behavior and their use of IT infrastructure during off hours. 2. Workstation Domain a. Systems where most users connect to the IT infrastructure. i. Workstations can be any desktop, laptop, or other device that connects to an organizations network. b. Password protection on all workstations. c. Auto screen lockout for inactive times. d. Strict access control procedures, standards, policies, and guidelines. e. All CD, DVD, and USB ports will be disabled. f. Automated antivirus solution that updates and scans each workstation automatically. g. Vulnerability policies for workstation operating systems and application software 3. LAN Domain a. LAN domain includes both Logical configuration and physical network components. b. Wiring closets, data centers, and computer rooms need to be secured. c. Strict access control procedures, standards,...

Words: 779 - Pages: 4

Premium Essay

Strategic Plan

...u09d1 Project Plan Draft Julian G. Romero II IT 4990 Integrated Action Learning Project 8430 Favero Cove Converse, TX 78109 210-310-2397 Instructor: Joe Johnson Table of Contents Work in progress… Executive Summary 2econd2n0ne.com is a newly developed motorcycle parts and apparel store created by my good friend Mr. Brockton Gardner. Mr. Gardner is a motorcycle enthusiast, and is in tune with the motorcycle industry with a great number of people who are also enthusiasts that he’s networked with; qualities that can spell success for his website as soon as it goes live. There are many factors to consider before going live with one of those factors being security. My project proposal is a security plan that will protect Mr. Gardner, and his website, from the variety of Internet and physical security threats. This security plan is not a complete overhaul of current systems and methods used, but a plan to harden current security measures. An environmental scan conducted on the website, and Mr. Gardner, has shown that although security measures are being taken there can be some improvements to further protect his investment, and reduce the chances of a malicious attack. Internet threats aren’t the only concerns. Physical security must be considered because mobile devices, to include laptops, are lost and stolen on a daily basis. Most mobile devices carry considerable amounts of sensitive or private information giving all the more reason...

Words: 2765 - Pages: 12

Premium Essay

Security Requirements and Risks

...Security Requirements and Risks Paper Security Requirements and Risks Paper There are a lot of businesses such as Huffman Trucking that complete risk reviews to determine the quantity of threats that may affect their company, and discover ways in dealing with them before a huge tragedy takes place.   Risks include hypothetical efficiency of loss of impact, security measures, vulnerabilities and threats that are widespread in today's world.   Huffman Trucking sticks to procedures and guidelines that are overseen by dealings by which the organization assesses and handles its contact to risk.   Nearly all businesses cope with some risk or possible risk that could possibly trigger a giant blow to their business.  These threats and risks typically come from outside or within any organization.   In order to get ready for the worst that may occur, corporations should direct their attention on how to consider distinctive types of risk so they could shield themselves from the damage caused by them.   The first security risk that needs to be looked into is username and passwords that are assigned to each user. Listed are some cons of password security: Do not choose a password that has to do with family, name, or any personal information that anyone could figure out easily. Writing passwords down is giving others easy access to your personal information. If needed write it down and put it in a safe place where no one is able to find it. Some pros of password security...

Words: 763 - Pages: 4

Free Essay

Denial of Service

...DoS/DDoS Prevention This document details guidelines that can be implemented to the school to prevent the recent DDoS attack the school experienced. These guidelines are by no means any requirement, however each will grant an additional layer of security for the current networks and services in production. Implement Policies and procedures An Acceptable Use Policy is a policy that defines what type of actions are allowed to be performed on the systems and network to which the policy applies. For the school, an Acceptable Use Policy may state that users of the computers and network must be performing functions related to the school such as homework, administration, research, etc. In addition to defining what is allowed, the Acceptable Use Policy should also specify what actions will be taken when a user or individual violates the policy. The acceptable use policy should be made accessible to every user. One method to do this would be to display the policy when a user logs in or direct them to where they can read the document. (Glenn, 2003.) Develop Incident Response Procedures The incident response procedures should identify the following: ← Define who the respondents are and what each individual's responsibility is ← Specify what data is to be collected and what actions are expected ◦ This would include gathering information on the attacker and a clearly defined resolution path for the team to return systems to a pre-attack state ...

Words: 699 - Pages: 3

Free Essay

Security Solutions

...Jonathan E. La Rosa July 22, 2014 NTC/411 Randal C. Shirley Security Solutions Firewalls have been around for years. In that time, they have protected various different organizations and corporations from possible hacker attacks. They play a critical part in protecting the internal network and making sure that packets are screened and checked before being provided access. Although firewalls are extremely powerful, especially in today’s world, they cannot be the only source of protection that the network can have. Various other technologies need to be used in order to actually make sure that the data is secure and that information has not be tampered with. Intrusion Prevention Systems, or IPS’, as well as Intrusion Detection Systems, or IDS’ are great in making sure that the network is free of any attacker or unwanted individual. These different technologies working together can provide the best protection possible, although they do have to be monitored in order to make sure they are working in the best way possible. Firewall Protection Managing firewalls is a fundamental function in making sure a network is secure. Network security managers are the main individuals who have to make sure that the firewall is constantly working in the most effective and efficient way possible. The rules that are in place within this device can and will affect the network and how it responds. Firewalls need to be constantly upgraded and put with the latest software in order to be effective...

Words: 948 - Pages: 4

Premium Essay

Security Risk Management Plan

...Legislation/Standards/Policies 6 Risk management 6 Identification of risk 7 Analysis of risk 8 Risk Category 9 Review of Matrix 9 Action plan 9 Testing Procedures 11 Maintenance 11 Scheduling 11 Implementation 12 Training 12 Milestones 12 Monitoring and review 13 Definition 13 Authorisation 14 Reference 15 Executive summary A Security Risk Management Plan (SRMP) helps CBS by providing specific guidelines and rules to ensure risk management is considered and included. It provides guidelines for its implementation that can minimise the threats by planning, policies, processes and procedures that can help your business get everything back to normal as soon as possible. This SRMP was designed for the guidelines for its implementation of risk management in CBS and in its operations in order to ensure its security and safety of its staff and assets. Throughout this SRMP it identifies threats, procedures, policies, responsible person and etc which will provide you and your staff information to prepare you with the worst disaster event. Every business these days has a SRMP in case of any events which may occur, this is essential for every business to provide a base of guidelines and security risk controls. Project purpose The purpose of this Security Risk Management Plan is to provide a guideline of risk management in CBS and its operation. It also analyses risks and provides information on implementation of risk controls to ensure security. Scope...

Words: 2028 - Pages: 9

Free Essay

Pci-Dss

...customers and employees, guidelines, laws, and policies have been established to insure the privacy of such information is secure. Only those authorized to view, change, or remove such data must be fully authenticated through proper procedures. In addition, established protocols and encryption methods must be use to access database information via the Internet. This section of the report will address these and other challenges related to IT privacy and security. PCI DSS (Payment Card Industry Data Security Standard) is an information security standard that was created from a joint effort of major credit card companies in 2004. Its purpose is to create controls that would reduce credit card fraud. This standard is built around 6 principles and 12 requirements. It is assumed that Beachside Bytes intends to credit cards as a form of payment and must therefore comply with the following principles set forth. The first principle, "Build and Maintain a Secure Network", is enforced through 2 requirements: (1) Install and maintain a firewall, and (2) do not use defaults (IE. passwords). Firewalls create a single point of defense between two networks. Since the Internet is web of networks, it is important that firewalls are installed in every Beachside Bytes local area network location. Since the company has 3 major locations in Miami, San Diego, and Honolulu, a minimum of 1 firewall at each location is required. If a website is maintained, 2 firewalls and a DMZ (demilitarized...

Words: 1244 - Pages: 5

Free Essay

Richman Investments Security Outline

...Richman Investments Security Outline Welcome to Richman Investments (RI) where we strive to bring you the most secure, reliable, and available resources that we can offer. We know that work needs to be done and that most of you aren’t aware of the security procedures taking place behind the scenes. We have devised a summary of the seven domains of the company and its security model. Please take the time to read this over and understand the implications of not following company guidelines, procedures, and policies. The user domain contains the users and/or employees that will be accessing resources within the organizations information system. A user can access systems, applications and data within the rights and privileges defined by the AUP (acceptable use policy). The AUP must be followed or the user may be dismissed or have their contracts terminated. With the user domain being one of the most vulnerable aspects of any organization, there are a wide variety of user related threats ranging from lack of awareness to blackmail and extortion. Employees are responsible for their own actions when using company assets and the HR department will be doing background checks on all employees within the company to ensure integrity within the workforce. Enforcement of the user level domain will include the use of RFID badges and pins for all areas of the facility and rooms that require special access. The workstation domain is where most users connect to the organizations infrastructure...

Words: 1016 - Pages: 5

Premium Essay

Because I Have to

...State of North Carolina Statewide Information Security Manual
Prepared by the Enterprise Security and Risk Management Office
Publication Date: April 20, 2012

INTRODUCTION FOR STATEWIDE INFORMATION SECURITY MANUAL
GUIDANCE FOR AGENCIES
CHAPTER 1 – CLASSIFYING INFORMATION AND DATA
CHAPTER 2 – CONTROLLING ACCESS TO INFORMATION AND SYSTEMS
CHAPTER 3 – PROCESSING INFORMATION AND DOCUMENTS
CHAPTER 4 – PURCHASING AND MAINTAINING COMMERCIAL SOFTWARE
CHAPTER 5 – SECURING HARDWARE, PERIPHERALS AND OTHER EQUIPMENT
CHAPTER 6 – COMBATING CYBER CRIME
CHAPTER 7 – CONTROLLING E-COMMERCE INFORMATION SECURITY
CHAPTER 9 – DEALING WITH PREMISES RELATED CONSIDERATIONS
CHAPTER 10 – ADDRESSING PERSONNEL ISSUES RELATING TO SECURITY
CHAPTER 11 – DELIVERING TRAINING AND STAFF AWARENESS
CHAPTER 12 – COMPLYING WITH LEGAL AND POLICY REQUIREMENTS...

Words: 65255 - Pages: 262

Premium Essay

Bsa375

...Riordan Manufacturing is an international manufacturer of plastics and is currently making its mark on the industry as an industry leader. Currently Riordan Manufacturing has four locations that all serve different purposes in the company. Riordan Manufacturing has locations in Albany, Georgia, Pontiac, Michigan, Hangzhou, China and the corporate headquarters in San Jose, California. Riordan Manufacturing uses a Wide Area Network (WAN) that allows the three locations to be connected to the corporate headquarters in San Jose, California. Along with the Wide Area Network to connect the locations to the Corporate Headquarters of Riordan Manufacturing, each location has its own Local Area Network (LAN). Network Architecture. The topology of the networks varies from site to site. The network of the Corporate Headquarters and the location in China both use a bus topology; in both networks there is a single 100BaseT line that is either connected to a server or an interface device. The other two sites, Albany, Georgia and Pontiac, Michigan, both use what seems to be a partial mesh topology or a hybrid topology. The servers on these networks are all connected together, the interface devices are connected to the server, and the clients and printers are then connected to only the interface devices. All of the locations have their own local area network which is connected to the Corporate Headquarters through a point-to-point connection, which is a star topology. The China location has a point...

Words: 2198 - Pages: 9

Premium Essay

Intro to Info Security Project Part 1

...User Domain
Risk, Threat, or Vulnerability
Lack of user awareness
• Conduct security awareness training, display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees.
User apathy toward policies
• Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss during performance reviews.

Workstation Domain
Risk, Threat, or Vulnerability
Unauthorized access to workstation
• Enable password protection on workstations for access. Enable auto screen lockout for inactive time.
Unauthorized access to systems, applications, and data
• Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access.

| Account Policies | Password, lockout, and Kerberos settings. |
| Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) |
| Event Log | Settings for system, application, security and directory service logs. |
| Restricted Groups | Policy regarding group membership. |
| System Services | Startup modes and access control for system services. |
| Registry | Access control for registry keys. |
| File System | Access control for folders and files. |

LAN Multilayer Security
* Coverage considerations for wireless LAN (WLAN) users in a branch office
* Distance considerations from the closet to the...

Words: 726 - Pages: 3

Premium Essay

It255

...Internet DMZ Equipment Policy

1.0 Purpose
The purpose of this policy is to define standards to be met by all equipment owned and/or operated by Richman Investments located outside Richman Investment's corporate Internet firewalls. These standards are designed to minimize the potential exposure to Richman Investment from the loss of sensitive or company confidential data, intellectual property, damage to public image etc., which may follow from unauthorized use of Richman Investment resources. Devices that are Internet facing and outside the Richman Investment firewall are considered part of the "de-militarized zone" (DMZ) and are subject to this policy. These devices (network and host) are particularly vulnerable to attack from the Internet since they reside outside the corporate firewalls. The policy defines the following standards:
* Ownership responsibility
* Secure configuration requirements
* Operational requirements
* Change control requirement

2.0 Scope
All equipment or devices deployed in a DMZ owned and/or operated by Richman Investment (including hosts, routers, switches, etc.) and/or registered in any Domain Name System (DNS) domain owned by Richman Investment, must follow this policy. This policy also covers any host device outsourced or hosted at external/third-party service providers, if that equipment resides in the "RichmanInvestment.com" domain or appears to be owned by Richman Investment. All new...

Words: 1219 - Pages: 5

Premium Essay

HIPAA Security

...Central Medical Services, L. L. C. Security Plan To meet HIPAA security requirements within this network the following hardware, software, procedures and guidelines will be met: System security accreditation will be supported by reviewing the system set in place to include its management, operational and technical controls. This is the formal authorization for system operation and explicit acceptance of risk. Periodic reaccreditation will follow to formally reexamine the system from a broader perspective to address the high-level security, management concerns and the implementation of the security. A certification process will be established to demonstrate and document that all computer systems and network devices meet HIPAA criteria to consider risks identified during the risk assessment process. The following hardware and devices will be tested thoroughly to prevent intrusion and meet HIPAA Security regulations for systems certification and accreditation to prevent unauthorized access: Routers will be placed along the perimeter of the network and properly configured to route all packets through the network, drop traffic to unknown destinations and block all local broadcasts. Security filtering will be set by the use of an Access Control List (ACL) to allow or deny traffic throughout the network based upon IP addresses, packet header information, protocols or port numbers. The router will be set so that ports not in use are closed. Assessment of router security will...

Words: 987 - Pages: 4

Free Essay

Mock Security Policy

...would you want a policy?
• Regulatory compliance
• Due care; due diligence
• Assign responsibility
• Assign authority, e.g., incident response
• Publicize to members of organization
• Create framework for development of standards, procedures, baselines, and guidelines.
• Proclaim priorities; values
• Specific issues need to be addressed formally by organization as a whole

Mission Statements: per Paul Drucker, a MS has to be operational, otherwise, it's just good intentions. A policy statement is a way of operationalizing your entity's mission statement.

Measure of policy: SMART
• Specific
• Measurable
• Achievable
• Realistic
• Time-based

Policy Taxonomy
• Policy: what and why-objective
• Standards: measures of compliance. DOD, FIPS. E.g., level of software or hardware.
• Baselines: minimum standards
• Guidelines: not mandatory, not compulsory, several solutions may be satisfactory.
• Procedures: explicit actions, sometimes in explicit order at a specific time (e.g., prior to production/operation). Mandatory. Procedures employ standards.

Different types of policies: issue vs. system policies
• Passwords
• Acceptable use
• Email
• Copyright
• Firewalls
• Mobile Devices
• Email servers
• Copiers

Policy Structure
• Purpose: the why; problem is defined, objectives, reason for policy
• Background: historical or current rationale
• Cancellation/expiration: supersedes existing policy
•...

Words: 376 - Pages: 2

Premium Essay

Nt1310 Unit 1 Network And Data Security

...Phase Three

With the network topology and employee workstations configured as requested, network functionality and security are a necessity for enterprise protection. Phase three takes into consideration both network and data security. This data security is a combination of both network resources in addition to personnel training. While these objectives have separate outcomes, they work in tandem with each other to provide holistic network security.

Firewalls, Antivirus, and Intrusion Detection/Prevention

In the simplest form, firewalls provide a go/no-go gate for passing traffic from the internal network to the internet. By setting up appropriate rulesets, the network administrators restrict and allow different data packages which users and peripheral...

Words: 1641 - Pages: 7