Is3340 Week 4

Submitted By iflingpoo
KAMRAN JAN
WK4 Assignment 1

Security policy statements:
1. Previous attempts to protect user accounts have resulted in users writing long passwords down and placing them near their workstations. Users should not write down passwords or create passwords that attackers could easily guess.

Require all personnel to attend a lunch and learn session on updated security policies.

2. Every user, regardless of role, must have at least one unique user account. A user who operates in multiple roles may have multiple unique user accounts. Users should use the account for its intended role only.

Create a set of new user accounts with administrator privileges and disable all ‘administrator’ user accounts.

3. Anonymous users of the Ken 7 Web application should only be able to access servers located in the demilitarized zone (DMZ). No anonymous Web application users should be able to access any protected resources in the Ken 7 infrastructure.

Place a firewall between your Web server and your internal network.

4. To protect servers from attack, each server should authenticate connections based on the source computer and user.

Implement Kerberos authentication for all internal servers.

5. Passwords should not be words found in the dictionary.

Enforce password complexity.

1. The ERP software vendor reports that some customers have experienced denial-of-service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web server computers.

Remove the mail server service.

2. Users who leave their workstations logged in during long periods of inactivity could allow attackers to hijack their sessions and impersonate them in the application.

Require all personnel to attend a lunch and learn session on updated security policies.

3. Attackers with packet sniffers and proxy software could potentially intercept exchanges of private data.

Place a firewall between the Internet and your Web server.

4. Four software vulnerabilities in previous ERP software versions could allow attackers to escalate their permissions and assume administrator privileges.

Apply the latest security patches.

5. Incorrect Web server configuration may allow unencrypted connections to exchange encrypted information.

Require encrypted connections for all remote ERP clients.
