Multi-Layer Security Plan

Submitted By tymax
User Domain:
- Define AUPs for each IT service or piece of equipment.
  • The Acceptable Use Policy (AUP) is intended to help you use the products, services and equipment provided by us (Services), and to ensure that you understand the policies and procedures we have developed to comply with certain laws and regulations. All users of the Service must comply with this AUP. This AUP is made part of our Terms of Service (TOS). Your use and/or continuation of the Service constitutes your acceptance of this AUP. It is your responsibility, and contractual obligation, to ensure that your affiliates, agents, and/or customers (End User(s)) comply with this AUP.
- Establish unique logon credentials for each user and require strong passwords.
  • Assign unique login credentials from the very beginning; logins have generally been very secure because of this. With the increasing demands of system security, logins have been made even more secure. This additional security is made possible through the use of strong passwords. A strong password is a series of words, letters, symbols and numbers which may be easy for a user to remember but difficult for another person to guess. We will review here the way in which you can implement additional login security through the use of strong passwords and other advanced security settings.
- Grant only the minimum privileges to each user required to accomplish that user’s tasks.
  • Identifying and influencing user behaviors that affect security is important to ensuring compliance within the User Domain. Behaviors that support or violate compliance with your security goals get the most attention. The following best practices do not guarantee compliance with all goals. However, they will lay the foundation to develop and maintain a secure environment.
Workstation Domain:
- Require unique user accounts for each person.
  • Only a user with administrator privileges can add a user. When you add a new user to a server, you can specify a role for the user, which defines how the user will access data on the server and consumer roles for user accounts.
- Do not allow multiple people to use the same user account.
  • A user's account allows a user to authenticate to system services and be granted authorization to access them; however, authentication does not imply authorization. To log in to an account, a user is typically required to authenticate with a password or other credentials for the purposes of accounting, security, logging, and resource management.
- Require strong passwords and train users on the importance of keeping passwords private. Require users to change passwords at a specified interval, such as every six months.
  • You should change your password periodically, ideally at least every six months. There are several reasons for this. First, passwords are often stolen without the knowledge of the victim, and stolen passwords often aren't used immediately. They're collected, sold to organized crime, rebundled and resold, and left unused for some time. Even if you're not aware your password was stolen, if you change it periodically you may change it before a thief has an opportunity to use it. Second, while we are constantly working to strengthen the underlying security, computers are also always getting faster. It's possible to guess your password through sheer persistent computer effort. With current technology, this takes months if you have a strong password. If you change your password every six months, any brute force attack that takes longer is ineffective.
- Use content filtering and antivirus scanning at internet entry and exit.
  • Enable workstation auto-scans and auto-quarantine for unknown file types.
LAN Domain:
- Make sure wiring closets, data centers, and computer rooms are secure.
  • Provide no access without proper credentials.
- Do not allow anyone access without proper ID.
- Use WLAN network keys that require a password for wireless access.
- Define server/desktop/laptop vulnerability window policies, standards, procedures, and guidelines.
LAN-to-WAN Domain:
- Apply domain-name content filtering at the internet entry/access point.
- Apply file transfer monitoring, scanning and alarming for unknown file types from unknown sources.
- Apply and enforce the organization’s data classification standard.
WAN Domain:
- Scan all e-mail attachments for type, antivirus, and malicious software at the LAN-to-WAN Domain.
- Outsource security operations and monitoring.
- Encrypt IP data transmission with VPNs.
- Back up and store data in off-site vaults (online or physical data backup) with tested recovery procedures.
Remote Access Domain:
- Set automatic blocking for attempted logon retries; block user access after three logon attempts have failed.
- Encrypt the data on the hard drive if the user has access to private or confidential data.
- Apply real-time lockout procedures if a token is lost or a device is compromised.

System/Application Domain:
- Create a system that brings together servers, storage, and networking.
- Convert all data into digital data for long-term storage. Retain backups from the off-site data vault based on defined RTOs.
- Develop a disaster recovery plan specific to the recovery of mission-critical applications and data to maintain operations.
