Free Essay

Nt2580 Final Project

In:

Submitted By 1boondocks
Words 1901
Pages 8
Richman Investments | Richman Internet Infrastructure Security Management Upgrade | ITT Technical Institute NT2580 Course Project | | Jason R Spitler | 5/30/2014 |

Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. |

Final Project I. Richman Internet Infrastructure Security Management Upgrade A. Purpose
Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. II. Basic Authentication Procedures and Standards, (Who users are.) A. Trinity-Three-factor Authentication Method replaces Basic Authentication
It is my view the Administrator’s responsibility is to provide secure communications by adding layers of security at all levels to assure the amount of protection for company’s valuable assets. Richman will provide its employees a new method of authentication I call Trinity. It is a three-factor authentication method requiring updated laptops and new Apple IPhone. Since Microsoft has stopped support for Microsoft Windows Operating System XP, and 87 % of our current systems require upgrade to Windows 7. We should take advantage of the newest technologies available to our Corporation. Trinity is a three-factor authentication combines” “something that you know” (password – PIN), with “something that you have” (hardware- token, mobile phone) and/or “something that you are” (biometric technologies), to make sure that the person is who he/she claims to be.”(1)

1. Biometric Identification - Biometrics is the science of identifying someone from physical characteristics. A user’s fingerprint is one of the strongest authenticators available. Never lost during a commute or forgotten at home, has fingerprint authentication introduced a new plateau of convenience for fast, secure access all users will have, Desktop USB add on, laptops and Iphone6 with biometric fingerprint scanners. This will be level one security. The log records will show GPS coordinates of the scanned process as well.

2. Device Authentication- Entrust IdentityGuard software leads the industry as one of the most robust authentication. We can use Entrust for device authentication, biometrics, digital certificates, mobile soft tokens, and IP Geolocation. 3M Cogent provides the highest-quality fingerprint authentication technology to government, border services and security- conscious organizations across the globe. “Entrust has partnered with 3M Cogent to integrate its world-class fingerprint enrollment and verification technology into the Entrust IdentityGuard software authentication platform.”(2) These are all available through Entrust.

3. Windows Basic Authentication-User ID and password. This is the most common, and typically the simplest, approach to identifying someone because it is fully software-based.

B. Strong Password Resolution

Make no mistake: An eight-character password could be very secure, even if attacked by today's high-speed computers. This method will soon be antiquated. Fortune 100 corporations, small firms and even Internet service providers with strong security have an Achilles heel; users who pick easily guessable passwords. Many who think themselves clever place a digit or two on the end of their chosen word. Such feeble attempts at deception are no match for today's computers, which are capable of trying millions of word variations per second and often can guess a good number of passwords in less than a minute. Richman must stay one step ahead and have a torn Achilles tendon no more

1. SFSP - Simple Formula for Strong Passwords
SFSP is a simple way for all users to grasp the idea of good password creation methods. This will be taught to all Richman users by corporate video training followed by password reset script for users to change their passwords to the new method. SFSP works on a three part method.

a. Input Rules are static procedures dictating where certain information is to be typed b. Secret Code is a static number that a user secretly chooses that is easy to remember. c. Memory Cue is a an easy to remember word the user secretly selects

2. This is an example of the new password method for Richman employees. You can make as many input rules as the company deems necessary. For this password example there are two rules. The static number is the first number before the rule changes the number. The memory cue is the easy to remember word.

a. R1 = Add doubling numbers in between each character of simple word, before, through and after
R2 = Insert the special character “*” (not including quotes) as the first and last character, as the last step in creating the password b. Secret Code number is 1 c. Memory Cue is internet d. New Password is *1i2n4t8e16n32e64t128* e. Memory Cue is oranges f. New Password is *1o2r4a8n16g32e64s128* C. Permissions and Rights (What they can do. . Which operations they can perform on a system.)
All users will be reviewed to insure they are set up correctly with their user rights and permissions. The Administrator will review and updates roles and objects to insure each user has the correct amount of rights and permissions. The Administrator will look at each object per role, and each permission can have one or more access rights associated with it. In addition, a Windows user or group can be associated with more than one role. By redefining roles and access rights, Richman can put the squeeze on security loop holes and give their employees and clean internet access and 99.999% continuity. III. Access Control (Which resources they can access.)
Access Control helps employers control activities that lower productivity. - Monitor Computer use. You can restrict activities that lead to the computer being unfairly monopolized. - It can even minimize the likely hood of getting infected by preventing access to potentially dangerous websites. Richman can protect itself by training our employees in internet user monitoring and filtering policy. In conjunction, we will start using Pearl Echo. Suite web filtering and internet control software to enforce the policy. A. Employee Internet Use Monitoring and Filtering Policy
1.0 Purpose The purpose of this policy is to define standards for systems that monitor and limit web use from any host within Richman Investments' network. We need to ensure employees use the Internet in a safe and responsible manner. Employees will be monitored to obtain details with incidents.
2.0 Scope
This policy applies to all Richman Investments' employees, contractors, vendors and agents with a Richman Investments owned or personally-owned computer or workstation connected to the Richman Investments' network. This policy applies to all end user initiated communications between Richman Investments' network and the Internet, including web browsing, instant messaging, file transfer, file sharing, and other standard and proprietary protocols. Server to Server communications, such as SMTP traffic, backups, automated data transfers or database communications are excluded from this policy.
3.0 Policy
3.1 Web Site Monitoring
The Information Technology Department shall monitor Internet use from all computers and devices connected to the corporate network. For all traffic the monitoring system must record the source IP Address, the date, the time, the protocol, and the destination site or server. Where possible, the system should record the User ID of the person or account initiating the traffic. Internet Use records must be preserved for 180 days.
3.2 Access to Web Site Monitoring Reports
General trending and activity reports will be made available to any employee as needed upon request to the Information Technology Department. Computer Security Incident Response Team (CSIRT) members may access all reports and data if necessary to respond to a security incident. Internet Use reports that identify specific users, sites, teams, or devices will only be made available to associates outside the CSIRT upon written or email request to Information Systems from a Human Resources Representative.
3.3 Internet Use Filtering System
The Information Technology Department shall block access to Internet websites and protocols that are deemed inappropriate for Richman Investments' corporate environment. The following protocols and categories of websites should be blocked:
• Adult/Sexually Explicit Material
• Advertisements & Pop-Ups
• Chat and Instant Messaging
• Gambling
• Hacking
• Illegal Drugs
• Intimate Apparel and Swimwear
• Peer to Peer File Sharing
• Personals and Dating
• Social Network Services
• SPAM, Phishing and Fraud
• Spyware
• Tasteless and Offensive Content
• Violence, Intolerance and Hate
• Web Based Email
3.4 Internet Use Filtering Rule Changes
The Information Technology Department shall periodically review and recommend changes to web and protocol filtering rules. Human Resources shall review these recommendations and decide if any changes are to be made. Changes to web and protocol filtering rules will be recorded in the Internet Use Monitoring and Filtering Policy.
3.5 Internet Use Filtering Exceptions
If a site is miss-categorized, employees may request the site be un-blocked by submitting a ticket to the Information Technology help desk. An IT employee will review the request and un-block the site if it is miss-categorized.
Employees may access blocked sites with permission if appropriate and necessary for business purposes. If an employee needs access to a site that is blocked and appropriately categorized, they must submit a request to their Human Resources representative. HR will present all approved exception requests to Information Technology in writing or by email. Information Technology will unblock that site or category for that associate only. Information Technology will track approved exceptions and report on them upon request.
3.0 Enforcement
The IT Security Officer will periodically review Internet use monitoring and filtering systems and processes to ensure they are in compliance with this policy. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
4.0 Revision History 11/23/2007 – Draft Completed, Kevin Bong
Revision History04/18.2014 – Draft Completed, Jason Spitler
Revision History 03/18/2014-Drafted Completed, Jason Spitler

Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu B. Pearl Echo. Suite web filtering and internet control software

Pearl Echo.Suite is an employee monitoring tool that can be used across multiple areas including e-mail, web surfing, file transfers, news resource access, instant messaging and chat. “Regardless of the needs of your company or organization, Pearl Echo.Suite will meet them whether for single or multiple locations as well as for the monitoring of roaming and mobile Internet users.”(3)

IV. Summary

By taking a three part approach to Internet Security within the user domain, Richman will define the standard of how a company’s internet maintains continuity. This document dictates the details the appropriate access control policies, standards, and procedures that define users within user domain; what they can do, which resources they can access, and which operations they can perform on a system.

References:
Entrust (2014),” Entrust Identityguard” Retrieved from: http://www.entrust.com/
Pearl Echo Software (2014).” Pearl Echo.Suite” Retrieved from: http://www.pearlsw.com/
SANS.ORG(2014),”Two Factor Authentication” Retrieved from: http://www.sans.org/reading-room
System Administration, Networking, and Security Institute or SANS.org (2001) “View Employee Internet Use Report (PDF)” retrieved from http://www.sans.org/security-resources/policies/internet.php

Similar Documents

Premium Essay

Test

...Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110  NT1210 Structure and Introduction to  ComputerLogic Networking    IS3120 IS3110 NT1210 Network  Risk Management in Introduction to General Education / General Studies NT2580 NT2799 Communications ...

Words: 2305 - Pages: 10

Premium Essay

Network Systems Administration

...NT2580 Introduction to Information Security STUDENT COPY: FINAL EXAM 30. What does risk management directly affect? a. Company investments b. Security policy framework c. Security controls d. Number of employees 31. Which of the following is a cipher that shifts each letter in the English alphabet a fixed number of? Positions, with Z wrapping back to A? a. Transposition b. Vigenere c. Caesar d. Vernam 32. Identify a security objective that adds value to a business. a. Revocation b. Authorization c. Anonymity d. Message authentication 33. Which of the following is an asymmetric encryption algorithm? a. AES b. 3DES c. RSA d. RC4 34. Identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature. a. Nonrepudiation b. Integrity c. Authorization d. Access control 35. Which of the following is a mechanism for accomplishing confidentiality, integrity, authentication, and Nonrepudiation a. Cipher text b. Cryptography c. Access control d. Hashing 36. In which OSI layer do you find FTP, HTTP, and other programs that end users interact with? a. Application b. Network c. Physical d. Data Link 37. Identify the configuration that is best for networks with varying security levels, such general users, a group of users working on a secret research project, and a group of executives. a. Multilayered firewall b. Screened subnet firewall c. Border firewall d. Ordinary firewall 38...

Words: 606 - Pages: 3

Premium Essay

Nt1230 Syllabus

...network client computers, and related aspects of typical network server functions. Client-Server Networking I Syllabus Where Does This Course Belong? 1st QTR GS1140 NT1110 GS1145 Problem Solving Theory Computer Structure and Logic Strategies for the Technical Professional 2nd QTR NT1210 Introduction to Networking NT1230 Client-Server Networking I MA1210 College Mathematics I 3rd QTR NT1310 NT1330 MA1310 4th QTR PT1420 NT1430 EN1320 5th QTR PT2520 NT2580 EN1420 6th QTR NT2640 NT2670 CO2520 7th QTR NT2799 SP2750 Physical Networking Client-Server Networking II College Mathematics II Introduction to Programming Linux Networking Composition I Database Concepts Introduction to Information Security Composition II IP Networking Email and Web Services Communications Network Systems Administration Capstone Project Group Theory The follow diagram indicates how this course relates to other courses in the NSA program: 1 Date: 8/31/2012 Client-Server Networking I Syllabus NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420...

Words: 1834 - Pages: 8

Premium Essay

Nt2640

...Does This Course Belong? This course is required in the associate degree program in Network Systems Administration and associate degree in Mobile Communications Technology. The following diagrams indicate how this course relates to other courses in respective programs: Network Systems Administration NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420 Introduction to Programming NT1110 Computer Structure and Logic NT1201 Introduction to Networking NT1310 Physical Networking CO2520 Communications SP2750 Group Theories EN1420 Composition II EN1320 Composition I GS1140 Problem Solving Theory GS1145 Strategies for the Technical Professional MA1210 College Mathematics I MA1310 College Mathematics II Networking Technology Courses Programming Technology Courses General Education/ General Studies 1 Date: 7/18/2011 IP Networking Syllabus Mobile Communications Technology MC2799 MCT Capstone Project NT2640 IP Networking MC2560 Mobile Wireless Communication I MC2660 Mobile Wireless Communication II MC2665 Mobile...

Words: 2573 - Pages: 11

Premium Essay

Nt 1210

...circuit switching and packet switching, OSI and TCP/IP models, LAN/WAN protocols, network devices and their functions, topologies and capabilities are discussed. Industry standards and the development of networking technologies are surveyed in conjunction with a basic awareness of software and hardware components used in typical networking and internetworking environments Introduction to Networking Syllabus Where Does This Course Belong? This course is required for the associate program in Network System Administration and the associate program in Electrical Engineering Technology. The following diagrams demonstrate how this course fits in each program. Associate Program in Network Systems Administration NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420 Introduction to Programming NT1110 Computer Structure and Logic NT1210 Introduction to Networking NT1310 Physical Networking CO2520 Communications SP2750 Group Theories EN1420 Composition II EN1320 Composition I GS1140 Problem Solving Theory GS1145 Strategies for the Technical Professional MA1210 College Mathematics I MA1310 College Mathematics II Networking Technology Courses Programming...

Words: 4400 - Pages: 18

Premium Essay

Nt1210 Introduction to Networking Onsite Course

...circuit switching and packet switching, OSI and TCP/IP models, LAN/WAN protocols, network devices and their functions, topologies and capabilities are discussed. Industry standards and the development of networking technologies are surveyed in conjunction with a basic awareness of software and hardware components used in typical networking and internetworking environments Introduction to Networking Syllabus Where Does This Course Belong? This course is required for the associate program in Network System Administration and the associate program in Electrical Engineering Technology. The following diagrams demonstrate how this course fits in each program. Associate Program in Network Systems Administration NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420 Introduction to Programming NT1110 Computer Structure and Logic NT1210 Introduction to Networking NT1310 Physical Networking CO2520 Communications SP2750 Group Theories EN1420 Composition II EN1320 Composition I GS1140 Problem Solving Theory GS1145 Strategies for the Technical Professional MA1210 College Mathematics I MA1310 College Mathematics II Networking Technology Courses Programming...

Words: 4400 - Pages: 18

Premium Essay

Nt2580 Unit 1

...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name ___________________________________ Lesson Plan Theory (in class, Lab #2)……………………………..…………………..……...2 Reading  Kim and Solomon, Chapter 1: Information Systems Security. Objectives……………..………………….……………………………….2 Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab..............................................................................................3 Part 1: Exploring the Tools used in the Virtual Lab Environment……………16 Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine …………………. .........................44 Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance ……………………59 Appendix A. SYLLABUS………………………………………………..……..………….69 B. Forgot your password?………………………………………………..……..73 Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and availability...

Words: 3379 - Pages: 14

Premium Essay

Nothing

...Theory Hours, 22 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: NT1210 Introduction to Networking or equivalent Course Description: This course examines industry standards and practices involving the physical components of networking technologies (such as wiring standards and practices, various media and interconnection components), networking devices and their specifications and functions. Students will practice designing physical network solutions based on appropriate capacity planning and implementing various installation, testing and troubleshooting techniques for a computer network. Where Does This Course Belong? | | | NT2799 | | | | | | | | NSA Capstone | | | | | | | Project | | | | | NT2580 | | | NT2670 | NT2640 | | PT2520 | | Introduction to | | | | | | | | | | | Email and Web | | | | | Information | | | | IP Networking | | Database Concepts | | | | | Services | | | | | Security | | | | | | | | | | | | | | | | NT1330 | | | NT1230 | NT1430 | | PT1420 | | Client-Server | | | Client-Server | | | Introduction to |...

Words: 10839 - Pages: 44