...RECOMMENDATIONS FOR WIRELESS NETWORK SECURITY POLICY Introduction One of the newer technologies being increasingly used in today's business is that of wireless networks. While this technology has the advantages of providing greater user mobility and temporary access, it does have the disadvantage of an intrinsic lack of security. SECURITY THREATS There are a number of types of attack that wireless LANs are vulnerable to, based on different aspects of their operation and configuration. These include. i. Broadcast medium Wireless is a broadcast medium, where there is no way to control where the information is sent and who therefore has access to it. If an access point is set up and used in its default Configuration, then the user of such a system is vulnerable to attack, because anyone running sniffer software can see and capture everything that a user does across that network... ii. WEP Vulnerabilities. There were two problems with the original WEP encryption system. Firstly, the shared key system requires the use of the WEP key to verify a user attempting to connect to the wireless network. The second was the actual implementation of the encryption system itself. iii. Denial of Service This type of attack can be perpetrated by a jamming attack which can be either intentional attack which is one in which the attacker broadcasts a very high-power signal at the same frequency that the wireless network is operating on, causing interference to the network or unintentional...
Words: 906 - Pages: 4
...who do intentionally tamper with the company's network often do so because they are tempted by assets they know are poorly protected. Weak security policies present the image that a company does not truly value its assets, which in turn attracts the petty thief and curiosity seeker. Therefore, the preventive element of any network security system should include a strong and enforceable security policy for its employees to follow, re-enforced by a form of technical protection (Control Data, 1999). Firewalls, antivirus programs and packet filtering devices are used to protect access to the network at the LADWP. But these tools alone do not provide adequate system security policy for system users, as mentioned above, that is based on the identification and prioritization of threats and assumed threats helps to maintain the network's health. The key feature of the policy is an ongoing training program that teaches all users the importance and value of including safe system user practices in their daily routine. Users are more likely to follow security practices if they understand the purpose of the practice and the consequences when these practices aren't used. Added to the training is a physical and electrical restriction of access to sensitive information and areas to users who have no business purpose for using such access. To ensure that the preventive measures are functioning effectively, regular audits of the security policy are performed. Log-on IDs are checked to verify...
Words: 1357 - Pages: 6
...worldwide. MMPS has current network operations handled by an outside telecommunications management company. MMPS experiences problems that cost that company money as well as customers. Metric Machine Parts’ main concern will be to have an in-house IT department. This will improve communication between MMPS and their customers. MMPS needs to be able to solve problems quickly and efficiently. A management company that is in charge of network operations and managing four locations needs to be responsive to the company they work for. I’m proposing to do away with the current outside telecommunications management company and have MMPS create an IT department at all four locations. MMPS currently only has 250 employees. I believe MMPS should ass at least six employees to the new department at each location. There are plans to acquire several small parts suppliers. If acquired, the IT department will then increase their employees as needed to support this growth. There are always security risks when working with telecommunications. Policies will need to be put in place for employees so the security risks are at a minimum. MMPS is a small company compared to most. There are many risks that include: malware, adware, key loggers, and many more hack programs. Large companies that are infected can have a number of problems, “but for a small business, attacks can spell total disaster” (Hausman, Alston, & Chapple, 2005). MMPS needs to have these policies in place and enforced...
Words: 722 - Pages: 3
...2 Student SSCP® Domain Research Paper Security Operations means the process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to: 1. Identify those actions that can be observed by adversary intelligence systems; 2. Determine indicators that hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and 3. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. [1] The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the difficulty of managing network and systems security. Organizations are challenged with the difficult and overwhelming task of securing and managing network systems, and keeping their desktops and servers up to date. Organizations want easy and efficient ways to maintain network security, manage updates, and, at the same time, reduce total costs for security management. When addressing security management and operations, administrators need to consider the following: • Security: Employees not only work from corporate offices, but from branch offices, home offices, or from the road. Managing access policies and security for remote connectivity requires flexibility to apply security policies to different sets of users and groups...
Words: 528 - Pages: 3
...Essay Designing a Security Strategy Geo-Probe Inc. (GPI) 20 years in business, a company with constant growth and success. GPI provides construction management, engineering design, programming and environmental planning, and other A-E projects in support of a, industry, different government and commercial clients. GPI has 300 employees and ten branch office locations. GPI has many computers and network device attach to their network like any other business. Here is GPI Current network topology. Computer networked devices and peripheral is most overlooked and common security threat to corporate assets. (Darb, 2010). Multifunction copiers and digital devices are very intelligent machines complete with their OS, hard drives, and supportive subsystems (Darb, 2010). Every time you scan, copy or faxed something the image is stay behind on the system device. When employees scan a file documents to a server or any other source from a multifunction copiers may also not knowingly sending files across the network unprotected (Posey, 2008). The data is at risk as much as getting hacked from outside. Geo-Probe Inc. purchases innovative multifunction devices because they can consolidate multiple copiers into a single device (Posey, 2008). Also, these multifunction devices deliver cost saving in printing services, and maintenance. However, these devices poses security threat and fall in the radar screen of IT department security strategies (Posey, 2008). From a network standpoint GPI...
Words: 857 - Pages: 4
...Ken 7 Windows Security Controls COM 520 LaTroy Middlebrook September 27, 2015 Dr. Nguyen Select from these security controls: a. Place a firewall between the Internet and your Web server. b. Place a firewall between your Web server and your internal network c. Enforce password complexity d. Implement Kerberos authentication for all internal servers e. Require encryption for all traffic flowing into and out from the Ken 7 Windows environment f. Separate wired and wireless network entry points into separate logical networks g. Require all personnel attend a lunch and learn session on updated network security policies Security Policy Statements: ___ 1. More and More users are using the Ken 7 Windows network to access social media sites during business hours, causing the network to slow down. Users should not use Ken 7 network resources for social media access. ANSWER: G This will garner everyone who has network access attention so that a sign in the blank can be done so if they get caught, they are liable because it’s documented. ___ 2. Most Ken 7 personnel own mobile phone and PDA’s that can connect to the Internet. Ken 7 administrators are concerned that personal device access may pose a security threat to Ken 7 network resources. Personal devices must not be allowed to connect to the Ken 7 Windows network. ANSWER: F Secure and lock down unnecessary traffic and entry points for improved activity. This...
Words: 390 - Pages: 2
...Internal and External Security BIS/303 September 16, 2013 Internal and External Security Most hotels offer exceptional service and a quality stay, but the hotels have to look at the internal and external security issues that are a major concern. Internal security issues, such as spiteful users of the business using one of the information technology applications within the company. Beside the physical security, hotels have external security issues for an example a person sending e-mails with viruses or a hacker trying to hack into the database for personal information about the customers staying at the hotel. Hotels have to guarantee security and safety of the hotel guests. After previous events that includes the attacks on September 11 and other famous hotels around the world attacks, many hotels are looking to develop ways to keep guests and hotel employees safe. Many hotels are applying a new system of security that will help keep guests safer during his or her stay at the hotel. Information security is a vital key role in today’s fast moving technology world and the fragile business environment. The significance of this reality needs to be clear; not only to improve the business’ daily transactions and procedures but also to make certain that the much needed security concerns are put into operation with an adequate level of security. To think that the opportunity of any business’ information uncovered to a malevolent hacker or attacker is constantly increasing...
Words: 1578 - Pages: 7
...Database Server Security Demands Report NOTE: Use carriage returns and page breaks as needed to prevent table contents from extending across page boundaries. Task 1—Verify Initial Connectivity Between Router and Hosts • Run a Flow Analysis to update the topology. Open the Visual CLI on the ISP router and ping all of the Servers and Host PCs including the Attack PC. Select the CLI commands within the Virtual CLI window using your mouse. Click the Copy button and use V to paste the commands into the table cell below. Paste the Virtual CLI Ping commands here. ISP_Router#ping 192.168.100.10 Cannot find FLAN table, please run FLAN with routing table export. ISP_Router#ISP_Router#ISP_Router#ping 192.168.100.10 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms ISP_Router#ping 192.168.100.10 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms ISP_Router#ping 192.168.100.10 ---------- ISP_Router#ping 192.168.200.11 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.200.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms ISP_Router#ping 192.168.200.10 Type escape sequence to abort. Sending 5 100-byte ICMP Echos to 192.168.200...
Words: 808 - Pages: 4
...Information regarding health information of patients and citizens is supposed to be very private and putting it into a nationwide database makes it liable to access by people who are not supposed to see it. The growing demand for information technology (IT) in health sector means that a lot of policies have to be drafted and enacted in order to protect the privacy of patients (Andrew, & Richard, 1995). Generally, there are privacy and security concerns that arise and which can be divided into two general categories. The first concerns are about the release of such sensitive information by institutions that are supposed to handle the data while the second concern is related to how information is handled within the healthcare system and its allied industries (National Research Council, 1997). Any information that is stored electronically is vulnerable to abuse by either internal or external people who may violate the confidentiality policy of those organizations by accessing data that is not supposed to be accessed. By the virtue of one being a worker in a health organization, he or she can abuse the privilege of being able to access different records. This comes about by accessing information for inappropriate reasons like viewing records of friends, neighbors, coworkers or even family members and then leaking the information out of the organization (Hossein, 2006). This internal accessing of data may sometimes lead to manipulation of data but at most time people just snoop...
Words: 679 - Pages: 3
...Our Company Network Security Plan Developed August 2010 Andre Bryant Table of Contents Security Threats and Risks 3 Types of Threats 3 Mitigation Strategies 3 Security Policies 3 Physical Access 3 Data Access 3 Security Laws 3 Law 1: 3 Law 2: 4 Law 3: 4 Disaster Recovery 4 Backup Policies 4 Testing 4 Security Threats and Risks Types of Threats • Trojan Horses • Viruses • Hackers Mitigation Strategies • Firewalls • VPN access and protocols • Strong Technology policy with strict accountability Security Policies Physical Access Technology policy will allow the IT assign identification numbers to each employee. These numbers will assign access to each employee as well as track employee internet usage. This will also allow restriction to certain sites that are not filtered by the system. Data Access All traffic will be filtered through the firewall. We will also implement a network usage list that will let all users know what areas are restricted (hp.com). Security Laws Law 1: As part of our company’s network security policy, we are requiring the use of IMAP exclusively. IMAP and SMTP must be routed through a firewall (hp.com). Law 2: No trafficking or usage of copyrighted or restricted files or software. The penalty for violation of this policy could result in immediate termination (klariti.com). Law 3: ...
Words: 319 - Pages: 2
...sections of an Information Security Policy. Final Project Timeline You should budget your time wisely and work on your project throughout the course. As outlined below, the assignments in the course are designed to assist you in creating your final project Information Security Policy. If you complete your course activities and use the feedback provided by the instructor, you will be on the right track to successfully complete your final project of creating an Information Security Policy. □ Week One: Introduction Review the two company profiles provided in your syllabus and select the one you will use for your final project company. You design the Information Security Policy for this company throughout the course. Once you have decided which company you are using, it may not be changed; therefore, considerable thought should be put into this decision. Next, decide which type of information security policy—program-level, program-framework, issue-specific, or system-specific—is appropriate for your final project company. Assignment: Final Project Information Security Policy: Introduction Complete and submit Appendix C. Note. Section 1 Introduction of Appendix C corresponds to Section 2 of Appendix B in the final compilation due in Week Nine. In completing Appendix C, provide an overview of your final project company, describe the type of security policy that is appropriate for your scenario, and explain your security goals in terms of confidentiality...
Words: 899 - Pages: 4
...University of Phoenix by; Kari Sherwood 10/05/2014 Abstract University of Phoenix by; Kari Sherwood 10/05/2014 Network security Hospitality industry Network security Hospitality industry NEN Network security is an important aspect of system administration. The article focuses on the purpose of network security, the kind of threats that it faces and the implementation of a security strategy. The basic idea of networks is allow people remote access to geographically distant resources without having to be physically present. It has also been designed to send data back and forth, to stay connected. There are large networks and small networks, but size is irrelevant in terms of importance of network security. The purpose of network security is to protect the network and its component parts from unauthorized access and misuse. Networks are vulnerable because of their inherent characteristic of facilitating remote access. For example, if a hacker wanted to access a computer not on a network, physical access would be vital. However, with networks in the picture, it is possible to bypass that particular security aspect. Therefore, it is vital for any network administrator, regardless of the size and type of network, to implement stringent security policies to prevent potential losses. There are a number of potential pitfalls that may arise if network security is not implemented properly. Each business will identify with the need to keep certain critical information private...
Words: 683 - Pages: 3
...Integrative Network Design NTC/362 Integrative Network Design Project Kudler Fine Foods is one of the biggest and fastest growing food companies in the Unites States. Because of this fast expansion there are expected and often increased goals that must be done in order to keep all parts of the company working as they should. One of these areas that must be kept up to date and secured at all times is its integrated network. Again because of the company’s recent growth there will be challenges that will happen especially with the network so a good integrative network design must be developed in order to continue this positive trend both in present and in the future. Kudler Fine Foods is taking the next step to upgrade the existing infrastructure with new wireless technology which will provide a better communication link for not only all of the stores, but for all of the employees as well. Kudler Fine Foods wants to implement a new network design that will connect their three locations that is spreaded out across the U.S. With the new systems and servers the ability to maximize the company’s profits will increase overnight. This new inventory system will allow the stores POS systems to alert the warehouses to ship more products when they are running low automatically. This will eliminate the need of wasted man hours checking the stock. Using a Wide Area Network (WAN) would be the best choice for connecting the three locations together. They also want to implement a...
Words: 3955 - Pages: 16
...6. Network Security Policy A secure network infrastructure is needed to protect the integrity of data and mitigate risk of a security incident. The purpose of a specific network infrastructure security policy is to establish the technical guidelines for IT security, and to communicate the controls necessary for a secure network infrastructure. This policy might include specific procedures around device passwords, logs, firewalls, networked hardware, and/or security testing. 7. Internet Use The company will provide internet access to authorized users for business purposes. Requests for permission must be obtain by submitting a request to the Security Administrator. Authorized users will be notified once their information has been setup...
Words: 647 - Pages: 3
...developed to assist in management and addressing of security exploits, real-time network health and change management among other areas of today’s ever changing Information Technology (IT) data environment. This software assists the security manager in safeguarding vital business data through the compilation of network device information and real-time awareness of network health, firewall configuration and patch management with deployment. The software is modular and can be configured to meet the needs of the organization in which it supports while minimizing service interruptions which lead to the loss of productivity. Solarwinds offers a multitude of modules that range from configuration management to help desk trend analysis and firewall management. This is a non-platform dependent software solution which can manage firewalls and devices for proper patch management. This solution can be configured by the most novice IT professional while not breaking the bank. Its scalability can support anywhere from 10 users to many hundred users. The Solarwinds software solution can be a great addition to any network security solution. The benefits you will be getting from this software cover a large spectrum of security hardening techniques from the firewall configuration and management to end user patch management. Solarwinds modularity contributes to its capability to fulfill many security requirements. Solarwinds offers a scalable security information and events manager (SIEM) console module...
Words: 1221 - Pages: 5
