...Firewalls: Guidelines and Procedures Introduction Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments. For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as accounting or personnel. By employing firewalls to control connectivity to these areas, an organization can prevent unauthorized access to its systems and resources. Inclusion of a proper firewall provides an additional layer of security (Broida, 2011). This research paper will give a background on firewalls. The background will cover an overview of firewall technologies, as well as firewall technologies, the common requirements of firewalls, and firewall policies. This paper will also give an analysis of firewalls which will consist of what I have learned in doing this research and my opinion on the research. Overview of Firewall Technologies Several types of firewall technologies are available. One way of comparing their capabilities is to look at the Transmission Control Protocol/Internet Protocol [TCP/IP] layers that each is able to examine. TCP/IP communications are composed of four layers that work together to transfer data between hosts. When a user wants to transfer data across...
Words: 3077 - Pages: 13
...The Necessity of Information Assurance 1 The Necessity of Information Assurance Adam Smith Student ID: Western Governors University The Necessity of Information Assurance 2 Table of Contents Abstract ........................................................................................................................................... 5 Introduction ..................................................................................................................................... 6 Project Scope .............................................................................................................................. 6 Defense of the Solution ............................................................................................................... 6 Methodology Justification .......................................................................................................... 6 Explanation of the Organization of the Capstone Report ........................................................... 7 Security Defined ............................................................................................................................. 8 Systems and Process Audit ............................................................................................................. 9 Company Background ................................................................................................................ 9 Audit Details ...........................
Words: 12729 - Pages: 51
...Report on the use of Firewalls in Network Security Introduction: A firewall is defined as a piece of software or hardware used to enforce network security policies by monitoring both internal and external network traffic ensuring that unwanted access or data is prohibited. Most of the modern firewalls that are used today are software based solutions however some exist as hardware solution with embedded software logic. Many authors on firewall technologies are of the opinion that the firewall acts as a bridge between a private internal network and external networks such as the internet. The primary functions of a firewall are as follows: * It limits the entry points to a network * Prevents malicious software or individuals from entering the private network * It limits the exit points from the network Since all traffic leaving and entering the internal network the firewall is considered to be the single most important tool to be used to protect a network. It allows the network administrators to know exactly the state of the network security. Currently, there are different types of firewall implementation. These ranges from dedicated routers and switches with embedded software to a single dedicated host computer with appropriate software. A firewall does not exist as a single piece of hardware solution. In fact, it is the software that is hosted by the hardware that is capable of carrying out the appropriate analyses of the network traffic to ensure that the...
Words: 2370 - Pages: 10
...Security Assessment for Aircraft Solutions Table of Contents Executive Summary 3 Company Overview 3 Security Vulnerabilities 4 Hardware Vulnerability – Absence of a Firewall 4 Policy Vulnerability – Lack of Timely Updates 5 Recommended Solutions 6 A Hardware Solution 6 Impact on Business Processes 9 A Policy Solution 9 Impact on Business Processes 10 Summary 10 References 12 Executive Summary This report will seek to evaluate and address security weaknesses with the Aircraft Solutions company. As security weaknesses are pointed out relating to hardware and policy weaknesses, recommendations will be made to Aircraft Solutions to be examined and hopefully implemented to improve IT security operations. Aircraft Solutions, located in Southern California, recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. In reviewing Aircraft Solutions and its operations, uncovered were security vulnerabilities. Two vulnerabilities that were evident were issues with a lack of firewalls and the current security policy in place that is reviewed only every two years. Recommendations have been made that made help to remedy these vulnerabilities through the use of virtualization and by changing the security policy to be evaluated semi-annually instead of every two...
Words: 2450 - Pages: 10
...contribute to the growth of a progressive company with quality products and services in the field of Telecommunications and Information Technology (ICT). SUMMARY OF SKILLS AND EXPERIENCE • Total 2 years and 4 months of experience with Advanced Diploma in Telecommunication Engineering and Cisco Certified Network Associate (CCNA). • 2 years and 8 months of experience as Network Engineer (Windows/Linux/Network). Possess the expertise in the following: Networking • Installations, Configurations and Troubleshooting of; • Wireless local Area network (WLAN) • Local Area Network (LAN) and Wide Area Network (WAN) Security • Wimax CPE (Alvarion) for SAFARICOM and ACCESSKENYA networks • Free Space Optic link (FSO) • Mikrotik CPE and router. • Nanostation 2.4Ghz and 5Ghz • Cisco routers and switches • Firewalls rules implementation • VoIP servers using IP PABX • Network IP planning • Software and hardware Windows •...
Words: 1141 - Pages: 5
...increase the need for data protection to ensure that customer’s personal data is kept same during all points of the application and loan process. Implementing online loan applications means customer information will be input into web forms and then transferred to the company database. This creates the potential for hackers to steal or corrupt the data and to use it to gain access to other company servers. In order to prevent this from occurring and limiting the damage done in the case of a successful attack McBride must implement a Prevention, Detection, and Recovery plan. Prevention A prevention plan for McBride will be need to include protection for the company servers and protection for client information. The first step in this plan is to establish a demilitarized zone (DMZ) to separate the web server from the company databases and other company servers. The most secure way to implement this is to use two firewalls. The first one will be set to allow necessary traffic to the web server and to block malicious code. It will have a looser configuration to ensure that clients do not have issues gaining access to needed applications or services. The second firewall will be set to stricter configurations to prevent any malicious code that gets past the first firewall from entering the company network. Different brands and types of firewalls will also be used in this scenario to...
Words: 1058 - Pages: 5
...Unauthorized network probing and port scanning Unauthorized access through the LAN-to-WAN domain IP router, firewall, and network appliance operating system software vulnerability. Threats from people (this could be misconfigured equipment) Equipment not being used correctly Use of personally owned software/hardware Viruses, Trojans, and network worms Fire, water, electrical disturbances, and hardware failures. LAN-to-WAN Domain Solutions Effective logical access control starts with defining system-specific security policies that clearly and concisely state what protection mechanisms are to be enforced in order to achieve security requirements for a system. Thus the security policies are formalized by security models and implemented by security mechanisms providing access controls that minimize both internal and external threats. Some of the controls that could be used after a sound security policy is in place are: Encryption of data Multi-Protocol Label Switching Implementing a proxy server for remote services Use of firewalls Protocol implementation IP address rules Port filtering Adding a DMZ for anonymous users Using Dual-Homed ISP connections in case the primary ISP fails Using an IDS & IPS Data leakage security appliances Web-content filtering Traffic monitoring devices LAN-to-WAN configuration Change management (to avoid unauthorized changes to the network infrastructure) Secured location of critical...
Words: 271 - Pages: 2
...Table of Contents Project Outline 3 Security Requirements 4 Perimeter Security 5 Client and Server Security 10 Database Security 10 Server Security 12 Wireless and Remote Access Security 15 Security Configuration Management 19 References 23 Project Outline Tiger Tees is a medium sized business with 4 locations across the eastern United States. This company produces and sells t-shirts for school systems, both locally and across the country via the internet. The organization’s headquarters is located in Beckley, West Virginia, and employs 25 people. The departments include the warehouse, human resources, accounting, sales, and administration. The second location of Tiger Tees is located in Columbus, Georgia, and employs 10 people full time, and 4 persons part time. The third location is located in Washington, DC, and employs 15 people. The fourth location located in Richmond, Virginia is the smallest of all the locations employing 5 persons full time. Tiger Tees is a fast growing company in dire need of a secure network that will ensure that the confidentiality, integrity, and availability of client information remain confidential. All transactions completed are sent to the organizational headquarters in Beckley, WV and processed there. In the past these orders and transactions have been completed by telephone and e-mail. A secure wide area network would streamline this process making the transactions more secure, and providing faster service to the customers...
Words: 5336 - Pages: 22
...requirements of the Benefits Election System of the organization. Security Requirements Ensuring the security of organizational and employee information is vital for any organization. Security misfortune can be damaging to the organization and the affected employees. In the case of Huffman Trucking information stored in the database includes names, social security numbers, and personal employee information used for the Benefits Election System. The cost of loss of such information typically results in the same outcome - the loss of financial resources or the harm to one’s information. In an effort to reduce or eliminate these risks altogether, several requirements must be established. These requirements should include: firewall...
Words: 1194 - Pages: 5
...Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures Version 3.2 April 2016 Document Changes Date October 2008 Version 1.2 Description Pages To introduce PCI DSS v1.2 as “PCI DSS Requirements and Security Assessment Procedures,” eliminating redundancy between documents, and make both general and specific changes from PCI DSS Security Audit Procedures v1.1. For complete information, see PCI Data Security Standard Summary of Changes from PCI DSS Version 1.1 to 1.2. Add sentence that was incorrectly deleted between PCI DSS v1.1 and v1.2. Correct “then” to “than” in testing procedures 6.3.7.a and 6.3.7.b. 1.2.1 32 Remove grayed-out marking for “in place” and “not in place” columns in testing procedure 6.5.b. 33 For Compensating Controls Worksheet – Completed Example, correct wording at top of page to say “Use this worksheet to define compensating controls for any requirement noted as ‘in place’ via compensating controls.” July 2009 5 64 October 2010 2.0 Update and implement changes from v1.2.1. See PCI DSS – Summary of Changes from PCI DSS Version 1.2.1 to 2.0. November 2013 3.0 Update from v2.0. See PCI DSS – Summary of Changes from PCI DSS Version 2.0 to 3.0. April 2015 3.1 Update from PCI DSS v3.0. See PCI DSS – Summary of Changes from PCI DSS Version 3.0 to 3.1 for details of changes. April 2016 3.2 Update from PCI DSS v3.1. See PCI DSS...
Words: 57566 - Pages: 231
...Dec 8 ISA Server Installation step by step Insert the ISA Server 2004 Enterprise CD and follow the installation instructions. You must choose to Install Configuration Storage Server. This will install an ADAM-Instance on this computer which will be used to store the configuration of ISA Server Arrays. ISA Server Array Members will connect to the Configuration Storage Server to receive the configuration. Figure 1: Installation of a Configuration Storage Server If you choose Install Configuration Storage Server you can see in Figure 2 that only the ISA Management Option and the Configuration Storage Server will be installed. Figure 2: Component Selection On the next page we must select create a new ISA Server enterprise (Figure 3). This configuration option creates a new ISA Server Enterprise during the installation. Figure 3: Create a new ISA Server Enterprise Figure 4 shows a warning message that Microsoft recommends only deploying a single Enterprise in your Organization. Multiple Enterprises could be hard to manage. You can deploy multiple Arrays within one ISA Server Enterprise. Figure 4: Warning message when you install a new ISA Enterprise The next step (Figure 5) is to name the new ISA Server Enterprise and enter a description for the new Enterprise. Figure 5: Enter a name and description for the new Enterprise If you are using ISA Server 2004 Enterprise in a single domain or in domains with trust relationships, you must choose the Setup Option I am...
Words: 1049 - Pages: 5
...the company’s information technology function. As well as, being responsible for developing and assisting the IT Service Desk Manager with the annual capital budgets, this position will focus on acquiring and deploying the hardware and software required to support the company’s short term and long range goals. Key Responsibilities and Accountabilities • Establishes network design and strategies by evaluating network performance issues including availability, utilization, throughput, goodput, and latency. • Planning and executing the selection, installation, configuration, and testing of equipment. • Define network policies and procedures, establishing connections and firewalls. • Establishes network specifications by conferring with users; analyzing workflow, access, information, and security requirements. • Designing router and switch administration, including interface configuration, routing and switching protocols • Depending on workload and if time permits, will assist with Service Desk duties along with Service Desk Analysts...
Words: 562 - Pages: 3
...Executive Summary Riordan Manufacturing, Inc. is composed of three primary facilities in the United States, with locations in Georgia, Michigan, and California. Headquarters is located in San Jose, California. In addition to the core entities, Riordan Manufacturing has a joint business venture located in Hangzou, China. Investigation into the company’s operating procedures and expenses revealed several shortfalls requiring immediate attention. The implementation of a streamlined Enterprise Resource Plan (ERP) and Electronic Database Interchange (EDI) is expected to reduce operational costs by 10% while improving cycle time by 15%. The finance and accounting departments are struggling with their existing record keeping and database configuration. The resources identified at each facility are made up of disparate and antiquated equipment. Current operations for the consolidated close of the General Ledger are completed, at a minimum, 15-20 days past deadline. Additionally, the current system adds unnecessary administrative costs for personnel re-adding documents that are manually written or not compatible with HQ IT systems. Monthly audits are daunting, costly, and labor intensive. Additionally, there is an immediate need for government compliance to meet the specific demands of that customer base. The entire financial and accounting focus can benefit greatly and exceed current operating goals by the implementation of a standardized and modern information system upgrade...
Words: 2329 - Pages: 10
...up using tapes. No firewall is in place, and e-mail is on the same server as payroll. XYZ Computers is located in the southern part of the United States in an area that receives heavy rain. During the weekend, a major water pipe broke and flooded the first floor. The water caused extensive damage to the servers, which were also on the first floor. Create a disaster plan to prevent this sort of problem from happening in the future. Proposed solution: The way in which XYZ Computers has their IST Department set up currently is susceptible to many threats. The lack of a firewall is an open invitation for data to be stolen by prying eyes, and the vulnerability of placing the payroll database is in the same server as the email service. The geographic and weather conditions of the location of the company have a high risk of flooding, yet the Servers were installed on the first floor. Lastly, the backup method in place is sort of outdated and there is no mention on how often the backup takes place; additionally, the backup tapes themselves could be damaged, lost, or stolen. These recommendations are an attempt to improve XYZ Computer’s network data security, prevention of data loss, protection against network failure, and contingencies for natural disasters. First and foremost, there has already been an incident where the network servers were damaged due to flooding in their physical location. It is then logical to start by redesigning the physical configuration of the servers, placing...
Words: 1186 - Pages: 5
... For that I started with risk assessment exercise which will identify the relations between company assets, threats and vulnerabilities that may lead to the loss of confidentiality, integrity, availability, authenticity, or accountability. The output of the risk assessment will determine the actions for managing security risks and for implementing the appropriate controls needed to protect the company assets. The risk assessment process consists of the following tasks: • “Identify business needs and changes to requirements that may affect overall IT and security direction. • Review adequacy of existing security policies, standards, guidelines and procedures. • Analyze assets, threats and vulnerabilities, including their impacts and likelihood (See sheet # 1) • Assess physical protection applied to computing equipment and other network components. • Conduct technical and procedural review and analysis of the network architecture, protocols and components to ensure that they are implemented according to the security policies. • Review and check the configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including the client Internet connection. • Review logical access and other authentication mechanisms. • Review current level of security awareness and commitment of staff within the organization. • Review agreements involving services or products from vendors and contractors. • Develop practical...
Words: 752 - Pages: 4
