...Security weaknesses within an organizations system put the organizations assets at risk. After reading and viewing the infrastructure and architecture of AS, there are a few vulnerabilities that are very noticeable that would put their system at risk. The two evident areas are the vulnerabilities with the policy and the hardware. The first vulnerability apparent is the policy on updating the firewall and router rule sets. The security policy of AS, require that all firewalls and router rule sets are to be evaluated every two years. This is a lengthy amount of time to go without evaluating the rule sets. The intervals in the evaluation of the rule sets would put the organization at great risk for potential threats. The second vulnerability that is noticeable is that the backups are stored at the server location. This would put the company at great risk if there were ever some kind of disaster to occur. The security weaknesses mentioned above can be decreased with proper security controls. Vulnerabilities Hardware Vulnerabilities The hardware infrastructure of the AS Headquarters in San Diego, California had been identified during our recent security assessment as being a potential security weakness to the company's overall information systems security infrastructure. The system hardware infrastructure comprises of Five (5) Individual Servers One (1) Switch Two (2) Routers One (1) Firewall The hardware area of concern was the lack of Firewalls being used to protect...
Words: 2393 - Pages: 10
...accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? DACL means discretionary access control list and it is a type of access control defined by the trusted computer system evaluation criteria. 2. Why would you add permissions to a group instead of the individual...
Words: 1428 - Pages: 6
...Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their hardware assets and defining security policy regarding the timeliness of firewall configuration and updates. Company Overview Aircraft Solutions, headquarters located in San Diego, California develop and fabricate products and services for companies in the electronic, commercial, defense and aerospace industries. AS is made up of two (2) different divisions, the Commercial Division and the Defense Division. The Commercial Division is located in Chula Vista, CA and the Defense Division is located in Santa Ana, CA. AS company strategy is to offer low cost design and computer aided modeling packages to companies and assists them through the lifecycle of their product in an effort to save money for the consumer while profiting from their business. Vulnerabilities Hardware Vulnerabilities The hardware infrastructure of the AS Headquarters in San Diego, California had been identified during our recent security assessment as being a potential security weakness to the company's overall information systems security infrastructure. The system hardware infrastructure comprises of Five (5) Individual Servers One (1) Switch Two (2)...
Words: 2440 - Pages: 10
...Aircraft Solution (AS) Company Ali Hassan Submitted to: John Michalek SEC571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: April 21, 2013 Table of Contents Company Overview ……………………………………………1 Company Assets ………………………………………………..1 Vulnerabilities ………………………………………………….2 Hardware Vulnerability………………………………….......2 Policy Vulnerability …………………………..……………..3 Recommended Solutions…………………………………….... 5 Hardware Solutions ……………………...………………..…5 Policy Solutions ……………………………...……………...10 Budget ………………………………………………………….12 Summary ………………………………………………………13 References……………………………………………………...14 Company Overview Aircraft Solutions (AS) company located in Southern California design and fabricates component products and provide services for companies in the electronics, commercial, defense, and aerospace industry. The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. AS uses Business Process Management (BPM) to handle end-to-end processes. BPM system is designed to connect customers, vendors, and suppliers. Security Weakness In the communication between AS’s headquarter and its two departments make the AS’s headquarter assets are targeted, I will discuss here about the vulnerabilities in software and the policy. Company’s Assets The assets for AS are the Business Process Management, BPM, system and the...
Words: 4091 - Pages: 17
...Capstone Project Cover Sheet Capstone Project Title: ABC Inc. Firewall upgrade Report Student Name: Michael Wakefield Degree Program: BS- IT Security Mentor Name: Dave Huff Signature Block Student’s Signature Mentor’s Signature Table of Contents Capstone Summary 3 Review of Other Work 13 Rationale and Systems Analysis 19 Goals and Objectives 25 Project Deliverables 28 Project Plan and Timelines 30 Project Development…………………………………………………………………………………………………………………………….31 Additional Deliverables………………………………………………………………………………………………………………………….35 Conclusion…………………………………………………………………………………………………………………………………………….35 References 37 Appendix 1: Competency Matrix 38 Appendix 2: Cisco ASA 5555-X Firewall Specifications…………………………………………………………….40 Appendix 3: ABC Inc. Project Schedule…………………………………………………………………………………….44 Appendix 4: High-Availability Design Screenshots……………………………………………………………………45 Appendix 5: Screenshots of inside to outside access; outside to DMZ access; NAT rules and configurations; and performance graphs and performance results….........................................51 Capstone Report Summary Internet of Everything (IoE) and “Big Data” equates to competitive advantages to the modern business landscape. Numerous white papers are circulating on the Internet highlighting the business case supporting the IoE initiative. For instance, in a white paper conducted by Cisco Inc. on the Value Index of IoE in 2013 reported the following: ...
Words: 9337 - Pages: 38
...of Science IT-Security Mentor Name: Signature Block Student’s Signature Mentor’s Signature Table of Contents Capstone Proposal Summary 1 Review of Other Work 8 Rationale and Systems Analysis 16 Goals and Objectives 22 Project Deliverables 26 Project Plan and Timelines 27 References 28 Appendix 1: Competency Matrix 4 Capstone Proposal Summary Internet of Everything (IoE) and “Big Data” equates to competitive advantages to the modern business landscape. Numerous white papers are circulating on the Internet highlighting the business case supporting the IoE initiative. For instance, in a white paper conducted by Cisco Inc. on the Value Index of IoE in 2013 reported the following: In February 2013, Cisco released a study predicting that $14.4 trillion of value (net profit) will be at stake globally over the next decade, driven by connecting the unconnected –people-to-people (P2P), machine-to-people (M2P), and machine-to-machine (M2M) - via the Internet of Everything (IoE). Cisco defines the Internet of Everything as the networked connection of people, process, data, and things. The IoE creates new “capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries” (The Internet of Everything, Cisco, Inc. 2014). With such a lofty goal looming, and the monetary potential, many sources will support the notion of companies scrambling to achieve a computing networking infrastructure that supports...
Words: 5523 - Pages: 23
...Modern Day Attacks Against Firewalls and Virtual Private Networks Electronic technology is growing at a rapid rate; more devices are made mobile and wireless, but with those improvement and developments come flaws and malicious opportunities. Cyber attacks are on the rise and no system or device is immune. Many organizations employ multiple layers of firewalls but that doesn’t completely eliminate the threat. Attacks against firewalls and virtual private networks or VPNs are constantly being exploited with new methods everyday, but they are yet another obstacle that a cyber criminal must overcome. First let’s discuss what a firewall is and what a firewall is capable of doing. Firewall applications are normally used to protect and secure private networks. A network can have a software, hardware or both firewalls installed and they provide the “ability to control in-bound and outbound traffic”, according to Pirc of Sans Technology Institute (para 2, nd). Most Microsoft operating systems today come with a firewall installed and Microsoft suggests that you should have a firewall set up on each system in your home, even if you have a hardware firewall such as a router that has security policies adjusted, this can help prevent any malicious activity from spreading across your home network. Most firewalls contain a variety of policies but they all at the very least have the same basic policies that can be set up. There are 3 common policies that you...
Words: 2441 - Pages: 10
...the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? Discretionary access control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong 2. Why would you add permissions to a group instead of the individual? It is more resourceful and less time consuming. 3. List at least 3 different types of access control permissions available in Windows. Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder? Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforce to improve security? Enforce password history, minimum password age, maximum password age, minimum password length, and store passwords using reversible encryption. 6. Is using the option to ‘Store passwords using reversible encryption’ a good security practice? Why or why not? When should you enable the option to ‘Store passwords using reversible encryption’? This option should be a last resort if...
Words: 1093 - Pages: 5
...CHaPTer Firewall Fundamentals 2 T O SOME NETWORK ADMINISTRATORS, A FIREWALL is the key component of their infrastructure’s security. To others, a fi rewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of fi rewalls stems from a basic misunderstanding of the nature of fi rewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defi nes the fundamentals of fi rewalls. These include what a fi rewall is, what a fi rewall does, how it performs these tasks, why fi rewalls are necessary, the various fi rewall types, and fi ltering mechanisms. Once you understand these fundamentals of fi rewalls, you will able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefi ts of effective fi rewall architecture will become clear. Like any tool, fi rewalls are useful in solving a variety of particular problems and in supporting essential network security. Chapter 2 Topics This chapter will cover the following topics and concepts: • What a fi rewall is • Why you need a fi rewall • How fi rewalls work and what they do • What the basics of TCP/IP are • What the types of fi rewalls are • What ingress and egress fi ltering is • What the types of fi rewall fi ltering are • What the difference between software and hardware fi rewalls is • What dual-homed and triple-homed fi rewalls...
Words: 15354 - Pages: 62
...Week 7 Disscusion "Network Security" Please respond to the following: • From the first e-Activity, discuss your rationale for choosing the specific firewall in question, and determine the primary way in which a company could incorporate it into an enterprise network in order to enhance security. Select the two (2) most important and / or unique features of the chosen firewall, and explain the primary reasons why those features make the firewall a viable option in enterprises today. Justify your answer. ANSWER: I would use the Cisco ASA. I chosen the Cisco ASA firewall because I read an article in the past about it. I’m not all that familiar with the Cisco ASA, but I do recall some information. Plus Cisco is a popular organization and I usually use them as a resource because of their reputation and affiliation with the government and other large companies. The Cisco ASA firewall is a firewall that is used by the government and other large companies. As Cisco states, Cisco ASA Next-Generation Firewall Services include Cisco Application Visibility and Control (AVC), Web Security Essentials (WSE), and Intrusion Prevention System (IPS). Cisco ASA has the next-generation firewall capabilities and network-based security controls for end-to-end network intelligence and streamlined security operations. The Cisco ASA also allows the maximum connections per second with the lowest overhead. It has great features and benefits that any small or large organization can...
Words: 596 - Pages: 3
...IS 3220 IT Infrastructure Security Project Part 1: Network Survey Project Part 2: Network Design Project Part 3: Network Security Plan ITT Technical Institute 8/4/15 Project Part 1: Network Survey Network Design and Plan Executive Summary: We have been engaged in business for some time, and have been very successful, however we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of host, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these problems could be mitigated by appropriate education in “hacker thinking” for technical staff. We will take a look at our security on routers and switches to make sure there are no leakages of data traffic. OBJECTIVE We have identified that we have loss some major accounts to competitors whose bids have been accurately just under our bid offers by exact amounts. We also believe due to shared reporting and public Web site functions that our Web servers have been compromised and our RFP documents have been leaked to competitors which enabled them to under bid us. We want to mitigate Web threats in the future; we realize the web is a mission critical business tool. We want to purchase new products and services, that will give us an edge and better...
Words: 3355 - Pages: 14
...Running head: Information System Security CIS 333 Technical Paper: Information System Security Donald Shipman CIS 333 Prof. Clapp March 11, 2012 In consideration of the security of the network of the pharmacy, the following physical vulnerabilities and threats are to be considered. The threat of disaster is considerable in almost any case. Such an occurrence would have a substantial impact on the network. Such threats include flooding, lightning, earthquake, wind, tornadoes, hurricanes, fire, environmental failure, and electrical interruption as these can destroy whole infrastructures and can cause valuable and important data to be lost. For example, in case of flood or fire it is certain that infrastructure will be destroyed that contains many hardware and storage system that contains valuable data such as detail of customers, product etc. so we would need to provide security to this data because loss of this information would have extreme consequences to the business, as well as being virtually impossible to recover at a total loss. We can use the method “backup and recovery” for to substantially reduce the impact of this disaster threat. Cloud technology can be deployed which would create a remote cold site that would allow access to critical system information with limited physical resources if necessary. When considering logical vulnerabilities and threats, the following is to be considered. Unauthorized modification of the database is a major threat...
Words: 2526 - Pages: 11
...NT 2580 Intro to Info Security Project part 1 December 8, 2015 Headquarters Phoenix, AZ Branch 1 Branch 2 Branch 3 Atlanta, GA Chicago, IL Cincinnati, OH User Domain * Have employees sign confidential agreement * Introduce an AUP acceptable use policy * Have HR verify an employee’s identity with background checks * Conduct security awareness training * Enable content filtering and antivirus scanning * Restrict access to only info needed to perform job * Track and monitor abnormal behavior of employees Workstation Domain * Implement workstation log on ids and password * HR must define proper access controls for workers based on jobs * IT security must then assign access rights to systems, apps, and data * IT director must ensure workstation conforms to policy * Implement second level test to verify a user’s right to gain access * Start periodic workstation domain vulnerability tests to find gaps * Define workstation application software vulnerability window policy * Use content filtering and antivirus scanning at internet entry and exit * Mandate annual security awareness training LAN Domain * Setup of user LAN accounts with logon ID and password access controls * Make sure wiring closets, data centers , and computer rooms are secure * Define strict access control policies * Implement second level identity check * Define a strict software vulnerability window policy ...
Words: 1912 - Pages: 8
...ING Life and Connection and Security Business Solution Brandon Osborne Strayer University Dr. Richard Brown February 15, 2016 ING Life ING Life is the leading provider of life insurance in Canada. The company is based in Ontario and operates out of three regional offices. In 1997, brokers at ING relied on phone, fax, and postal service to process policy information. Response times would take from hours to days to process. The company did have 56-kbps frame wide area network, but it only connected to the Ontario headquarters and the 70 managing general agent offices within the organization. It would send information through TCP/IP to a System Network Architecture (SNA) and route the data to the corporate mainframe in Connecticut. In July of 1999, ING begin to connect its brokers the extranet. All the brokers would have to do now was connect to the Internet and log into the Web server using their browser. The could access the corporate mainframe as if they were using TN3270 terminal with response times being under one minute. Before ING could launch their new public infrastructure, they had a security consultants probe for vulnerabilities in the system. But even as the years go by, new threats and weaknesses endanger the security of ING and the private information that it holds in its systems. Charl Van der Walt (2002) quoted in an article by saying; “The Internet, like the Wild West of old, is an uncharted new world, full of fresh and exciting opportunities...
Words: 862 - Pages: 4
...CHaPTer Firewall Fundamentals 2 T O SOME NETWORK ADMINISTRATORS, A FIREWALL is the key component of their infrastructure’s security. To others, a fi rewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of fi rewalls stems from a basic misunderstanding of the nature of fi rewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defi nes the fundamentals of fi rewalls. These include what a fi rewall is, what a fi rewall does, how it performs these tasks, why fi rewalls are necessary, the various fi rewall types, and fi ltering mechanisms. Once you understand these fundamentals of fi rewalls, you will able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefi ts of effective fi rewall architecture will become clear. Like any tool, fi rewalls are useful in solving a variety of particular problems and in supporting essential network security. Chapter 2 Topics This chapter will cover the following topics and concepts: • What a fi rewall is • Why you need a fi rewall • How fi rewalls work and what they do • What the basics of TCP/IP are • What the types of fi rewalls are • What ingress and egress fi ltering is • What the types of fi rewall fi ltering are • What the difference between software and hardware fi rewalls is • What dual-homed and triple-homed fi rewalls...
Words: 15354 - Pages: 62