...VPN access control model for a large scale company.

* This policy will support remote access control for systems, applications, and data access.

Remote access Defined

Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings. The following diagram shows the VPN server that provides remote access VPN connections.

Domain/Network Config:

For each employee that is allowed VPN access:
* The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy.
* The user account is added to the VPN_Users group in Active Directory.

To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS):
* Policy name: Remote Access VPN Clients
* Conditions:
  * NAS Port Type is set to Virtual (VPN)
  * Windows Groups is set to VPN_Users
  * Calling Station ID is set to 207.209.68.1
* Permission is set to Grant access.

NPS policy settings:
* On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2).
* Or SSTP, L2TP/IPsec, PPTP, IKEv2

Access control model/policy: This model would support Role based access controls and allow mandatory access control to be...
Words: 339 - Pages: 2
...NT2580 Unit 3 Assignment & Lab Unit 3. Assignment 1 - Remote Access Control Policy Definition

There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy; I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access.

The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be set up which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day-to-day operations.

The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be...
Words: 477 - Pages: 2
...1, 2014 NT2580 Unit 3 Assignment 1

There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy; I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access.

The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be set up which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentications. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day-to-day operations.

The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be proof that the person is who they say they are every time they attempt to access a workstation...
Words: 364 - Pages: 2
...Kent O’Brien NT2580 U4:A1

Remote Access refers to the ability to access UMW network resources while off campus. Security measures for remote access should be implemented based on sensitivity and risk to University systems and data. A VPN connection is off-site remote access of sensitive IT systems to ensure exchanges of information are encrypted. With that being said, I’m going to talk about a networked VPN infrastructure and what I would have in it.

If I was doing a school I would have the VPN accessible to all Faculty and Staff members by default and is authenticated against the ALL_Faculty_Staff Security group in Active Directory. Students do not have VPN privileges. A Contractor, Temporary, or Volunteer worker requiring VPN access must fill out a compulsory form in Human Resources prior to being granted access. They will require a UMW sponsor who must submit the request to the ISO for final approval. Once approved, they will be entered into Banner whereby an account will then be created in Banner and AD. They can get instructions on how to install the required Cisco software client. Users using non-university owned equipment must follow IT Malicious Code Protection Standard. Records logging remote connections must be maintained and reviewed according to the University Monitoring and Logging Procedure. VPN authentication is required in addition to network authentication to remotely access backend servers and is limited to local accounts provisioned by the Server Administrator...
Words: 284 - Pages: 2
...3Mokihana Sabang NT2580 Unit 3 10/11/12 Wallace

Dear Richman Investments,

I am happy to hear that you are looking to expand your company and are currently looking for a remote access policy. One, I think giving your employees the ability to use their company computers from home and when traveling for the business is a great opportunity; I also believe it can be a high risk with nothing in place of security. I propose that all computers which have been provided by the company use RDG.

Microsoft Remote Desktop Gateway (RDG)
* Allows you to log in to your ETSU computer from off-campus
* Requires no software installation
* Presents a lower security risk
* Does not expire (subject to periodic review)

With that said, there will be rules set for all employees in which RDG is to use.
1) All employees will sign a RDG agreement.
2) All employees who will be given a company computer will need to get permission from Vice president.
3) When connecting to the company internet/server you must make sure no one else will be on your network.
4) Computers must be up to date with anti-virus and any recommended software.
5) 30 minutes of inactivity, computer will automatically disconnect from the network.
6) Only the Headquarters VP, Presidents, and IT will be able to access any other sites on the network. *(not vice versa)

I want to thank you for giving me the opportunity to help you with getting this set up for your company. Feel free...
Words: 263 - Pages: 2
...Chris Lewis 10/16/15 NT2580 Project 1 Multi Layered Security Plan

We will research the concept of a multi-layered security plan and include several applicable layers for the plan, and describe at least one layer of security for each of the seven domains.

Outline of a multi-layered Security plan

User Domain - Security policy violations – Place employee on probation, review AUP and employee manual, discuss during performance reviews.

Workstation Domain - Unauthorized access to workstation – Enable password protection on workstations for access. Enable auto screen lockout for inactive times.

LAN Domain - LAN server application software vulnerabilities and software patch updates – Define a strict software vulnerability window policy requiring quick software patching.

LAN-to-WAN Domain - Local users lose productivity surfing the web and not focusing on work tasks – Apply domain-name content filtering at the Internet entry/access point.

WAN Domain - Vulnerable to corruption of information and data – Encrypt IP data transmissions with VPNs. Back up and store data in off-site data vaults (online or physical data backup) with tested recovery procedures.

Remote Access Domain - Brute-force user ID and password attacks – Establish user ID and password policies requiring periodic changes (i.e., every 30 or 60 days). Passwords must be used, passwords must have more than eight characters, and users must incorporate numbers and letters.

System/Application...
Words: 386 - Pages: 2
...Terrance NT2580: Introduction to Information Security Brian Alley May 10, 2014 I have been given the task of designing a remote access control policy for establishing secure access between remote offices across several different states. Establishing this policy will protect the company and employees against attacks that may cost them tons of money and even their jobs. The policy will define several different security practices that employees need to adhere to in order to keep the network safe. These policies will be dictated through an AUP and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the AUP. Users will only be given access to files they need through the use of an ACL. This way if a password is breached the hacker will only gain access to a certain...
Words: 617 - Pages: 3
...NT2580 Ishmael Burch III Project Part 2 Student SSCP Domain Research Paper

Remote Access Domain is a domain involving portable devices that use static IP addresses, like smart phones, laptop computers, and PDAs, remote e-mail usage, and wireless access to cloud resources. Remote access policies are configured using the RRAS console. They are contained within the Remote Access Policies container under the server node in the console tree. There is a default remote access policy created when the RRAS is installed on a computer. Allow or deny remote access depending on the time or day of the week, the group membership of the remote user, the type of connection (VPN or dial-up), and so on. Administrators can configure remote access settings to specify authentication protocols and encryption schemes used by clients, maximum duration of a remote access session, etc.

A wireless link is likely to be limited in bandwidth, and error rates on a wireless link are much higher than those of a wired link. Different types of communication paths are involved, one of which is the radio link, which is particularly vulnerable to attack. Location privacy: any leakage of specific signaling information on the network can lead an eavesdropper to approximately “locate” the position of a subscriber, thus hindering the subscriber’s privacy.

Securing Internet Communication by using S-HTTP and SSL

Secure Socket Layer (SSL) protocol is a protocol that uses public key encryption to secure a channel over the public Internet. A Secure Hypertext...
Words: 769 - Pages: 4
...Unit 4 Assignment 2: Acceptable Use Policy Definition NT2580

The following acceptable use policy has been designed for Richman Investments and grants the right for users to gain access to the network of Richman Investments and also requires the user to follow the terms of use set forth for network access.

Policy Guidelines
* The use of peer to peer file sharing is strictly prohibited. This includes FTP.
* Downloading executable programs or software from any websites, known or unknown, is forbidden.
* Users are not allowed to redistribute licensed or copyrighted material without receiving consent from the company.
* Introduction of malicious programs into networks or onto systems will not be tolerated.
* Attempts to gain access to unauthorized company resources or information from internal or external sources will not be tolerated.
* Port scanning and data interception on the network is strictly forbidden.
* Authorized users shall not have a denial of service or authentication.
* Using programs, scripts, commands, or anything else that could interfere with other network users is prohibited.
* Sending junk mail to company recipients is prohibited.
* Accessing adult content from company resources is forbidden.
* Remote connections from systems failing to meet minimum security requirements will not be allowed.
* Social media will not be accessible on company resources.
* Internet...
Words: 263 - Pages: 2
... NT2580 Introduction to Information Security May 20, 2013

Security Operations means the process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to:
a. identify those actions that can be observed by adversary intelligence systems;
b. determine indicators that hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and
c. select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. [1]

The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the difficulty of managing network and systems security. Organizations are challenged with the difficult and overwhelming task of securing and managing network systems, and keeping their desktops and servers up to date. Organizations want easy and efficient ways to maintain network security, manage updates, and, at the same time, reduce total costs for security management. When addressing security management and operations, administrators need to consider the following:

• Security: Employees not only work from corporate offices, but from branch offices, home offices, or from the road. Managing access policies and security for remote connectivity requires flexibility...
Words: 536 - Pages: 3
...NT2580 Unit 3 Access Controls 01/22/2014

1. For the construction company scenario the data would probably consist of customer contact information, accounting, and inventory. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly.

2. For the advertising company scenario the data would probably consist of customer contact information, accounting, and inventory. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly.

3. For NetSecIT, I would implement all access controls on this organization because of the size of the company and the remote access. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. For the hardware controls I would utilize MAC filtering and smart card use. For the physical I would utilize security guards and ID badges.

4. For Backordered Parts, I would implement all access controls for this organization because it is a defense contractor that builds communications parts for the military. For administrative controls I would administer a...
Words: 362 - Pages: 2
...NT2580 Introduction to information security: 7 Domain of IT Infrastructure Security Plan, Project Part 1

As described by Tipton and Henry, information security management establishes the foundation for a comprehensive security program to ensure the protection of an organization's information assets. Security management encompasses the administrative, technical, and physical controls necessary to adequately protect the confidentiality, integrity, and availability of the information assets in the IT Infrastructure. Each one of the domains of the typical IT Infrastructure needs proper security controls to ensure the confidentiality, integrity, and availability (CIA Triad). The following is an overview of the seven Domains:

User Domain

This is the domain of users that access systems, applications, and data. It is the information asset of the organization that will be available to a rightful user by authenticating the user by the acceptable use policy (AUP). It is also defined that the user is the weakest link in an IT infrastructure, but by educating users of the sensitivity of the IT infrastructure in the security awareness, security control shall be enforced. Security control to this domain can also be enforced by defining and implementing the user policy of the IT infrastructure.

Workstation Domain

This is the domain where users first connect to the IT infrastructure. Because of numerous threats, it is necessary to implement...
Words: 889 - Pages: 4
...Travis Avery NT2580 Project Part 2

Purpose - This policy defines the security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity, availability, and confidentiality of the network environment of Richmond Investments (R.I.). It serves as the central policy document with which all employees and contractors must be familiar, and defines regulations that all users must follow. The policy provides IT managers within R.I. with policies and guidelines concerning the acceptable use of R.I. technology equipment, e-mail, Internet connections, network resources, and information processing. The policies and restrictions defined in this document shall apply to all network infrastructures and any other hardware, software, and data transmission mechanisms. This policy must be adhered to by all R.I. employees, temporary workers and by vendors and contractors working with R.I.

Scope - This policy document defines the common security requirements for all R.I. personnel and systems that create, maintain, store, access, process or transmit information. This policy also applies to information resources owned by others, such as vendors or contractors of R.I., in cases where R.I. has a legal obligation to protect resources while in R.I. possession. This policy covers all of R.I. network systems which are comprised of various hardware, software, communication equipment and other devices designed to assist the R.I. in the creation...
Words: 598 - Pages: 3
...workstations, whether desktop or laptop has some security on it like antivirus and malware protection installed. Laptops can be very vulnerable to loss or theft, which would make me install an encrypted hard drive so if it is stolen the data can only be retrieved by the owner.

For the LAN domain, just train all users about email scams. I would guess that most users know not to access suspicious emails when on our system but I would still implement a quick training course for the users. Then we should add spam filters; this will help get rid of most of the junk email.

In the LAN-to-WAN domain, we need to shut down the File Transfer Protocol (FTP) server we have running and switch it over to use secure FTP so that only users allowed on our system can access our FTP server.

In the WAN domain, we need to make sure that we have firewalls set up on our network that will filter all incoming traffic. This firewall will stop all traffic coming on to our system that is not meant for or not wanted on our network.

In the Remote Access Domain, we need to establish strict user password policies, as well as lockout policies to defend against brute force attacks, require the use of authorization tokens...
Words: 461 - Pages: 2