Premium Essay

Nt2580

In:

Submitted By reese1991
Words 339
Pages 2
VPN access control model for a large scale company.
* This policy will support remote access control for systems, applications, and data access.

Remote access Defined
Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings.
The following diagram shows the VPN server that provides remote access VPN connections.

Domain/Network Config:
For each employee that is allowed VPN access:
* The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy.
* The user account is added to the VPN_Users group in Active Directory.
To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS):
* Policy name: Remote Access VPN Clients
* Conditions:
* NAS Port Type is set to Virtual (VPN)
* Windows Groups is set to VPN_Users
* Calling Station ID is set to 207.209.68.1
* Permission is set to Grant access.
NPS policy settings:
* On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2).
* Or SSTP, L2tp/IPsec, PPTP, IKEv2

Access control model/ policy:
This model would support Role based access controls and allow mandatory access control to be governed by remote access. The IS Dept. is responsible for maintaining the access and access rights and prividgles and restricted as needed by user roles in the organization. All data is encrypted and transmitted via remote and encrypted and used by the vpn tunnel. VPN access will be terminated on a 3 month basis and must be renewed by revisiting based on your access role and permissions.

Similar Documents

Free Essay

Nt2580

...NT2580 DEREK GRASSER LAB 7 1. Describe the differences between symmetric key cryptography and Asymmetric key cryptography. Ans: Symmetric key cryptography is older and only uses one key to encrypt and decrypt. Asymmetric key cryptography is newer than symmetric and uses two different keys to decrypt and decrypt, a public key and a private key. 2. How can public key cryptography be used for nonrepudation? Ans: The cryptography will be able to tell who it came from and what time it happened. Gives all the information needed. 3. How do digital signatures ensure the integrity of a message and verify who wrote it? Ans: Digital Signatures apply the same functionality to an e-mail message or data file that a handwritten signature does for a paper-based document. The Digital Signature vouches for the origin and integrity of a message, document or other data file. 4. What is a Certificate authority? (CA) Ans: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital... Certificate_authority. 5. What are the fields and their purpose that make up distinguished name of an X.509 certificate? Ans: is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm...

Words: 262 - Pages: 2

Free Essay

Nt2580

...Making tradeoffs due to economic scarcity and that every society faces difficult choices do to scarcity. There are many factors involved in the high prices of cancer drugs, some of the those factors are listed below: Research and deployment are a major factor to consider. It cost drug companies a lot of money to research and test new drugs. A single clinical trial can cost $100 million at the high end, and the combined cost of manufacturing and clinical testing for some drugs has added up to $1 billion. The government’s involvement in the cost of cancer drugs is another factor. The reason why from an economic standpoint that these drug firms can in fact charge prices that are above their marginal costs is because they have a protection for a certain number of years for the formulation for their particular drug. It’s not for a particular amount of time that generics can be offered in the market, so the drug firms are a monopoly. They’re the only firm that can offer that particular drug. Monopolies have more market power and can charge a higher price for that drug. Healthcare has its role in the high prices of cancer drugs. The fundamental economic problem lies in the limits as to how much we can spend on healthcare, and this scarcity of resources requires choices. For a given set of laboratory services, there is a defined cost. This cost is further complicated with what we can and will spend to meet these services, taking into account the influence of insurance coverage. We...

Words: 393 - Pages: 2

Free Essay

Nt2580 It

...Kenneth Williams NT2640 LAB2 Setting Router Password Step 4 Router(config-line)# Step 11 Yes it ask for a password and it work with clscopress Step 12 Barney works Config router ip Step 4 It says unassigned Step 10 The ip is 10.1.1.4 Step 11 Yes it did Config SSH Step 4 R1 config-line # Step 7 Config-line now I am in config Step 11 It connect me to R2 user command Terminal history Step 5 It shows 192.168.54.0/29, 3 subnets/192.168.54.64.[120/1] via 192.168.54.34, 00:45:35 Step 6 I see 5 commands I put in Step 8 I see two commands Rebuild a config Step 2 Ip 10.22.1.1, 255.255.0.0,hostname clock rate 1536000, password ciscopress, router config 10.0.0.0,its shutdown on each Step 3 Yes the ping worked Step 4 No it didn’t work Step 5 No it didn’t work Step 6 Yes it did work SSH and Telnet Step 1 10.21.1.1,10.23.2.2,10.21.1.254,10.23.2.254,10.21.0.1,10.23.0.2 Step 2 Yes for use no for enable mode Step 3 SSh and telnet Step 4 Step command incomplete Basic router config I can not find this lab on here. Switch and router security Step 2 No not any subcommand showed up Step 3 No the same happened here Subnetting lab 3 Step 1 I have no clue Step 9 No it does not...

Words: 266 - Pages: 2

Premium Essay

Nt2580

...NT 1210 M1 Case studies # 9 Dear Mr. Sheehan: I would like to thank you for agreement regarding my recommendations to the company about deploying a SAN at each branch office, since each office uses data, audio, video and graphic files that are shared by staff at each location. The SAN may incorporate NAS devices which we have evaluated with different vendors. As we conducted a further research in order to provide you with more detail specifications on SAN and NAS solutions, we were able to come up with the following information design in a form of questions and answers. What is required to implement a SAN and /or NAS?  Storage-area networks (SANs) are composed of computers and remote storage devices. The computers are typically connected to the remote storage devices using SCSI over Fibre Channel (see Figure 1). Other implementations of SAN exist, but this is the most common. In a SAN, all the storage appears local, just as if the remote disk were directly connected to the computer and physically located inside the computer chassis. Network-attached storage (NAS) devices appear to the user as a remote drive letter or are named remote storage device. Typically, the operating system employs a protocol such as Network File System (NFS) or Common Internet File System (CIFS) to discover, log in, and transfer content to and from a storage device. NFS and CIFS both communicate over Ethernet. The user typically enters a username and password, and then is granted access to a particular...

Words: 7132 - Pages: 29

Free Essay

Nt2580

...Unit 7 Assignment 1 – Designing an Exchange Server (Portfolio) The first lesson that was given in this course NT2670 the more roles the server has the greater the physical it requires. The fact that a server is already using roles such with email server would require a lot. Especially over 1000 clients would require a lot of power with no minimum cut-off of system requirements. At least at the very least it should have 2 cores, but 4 cores is becoming standard, and I would choose 4 cores, it is also cost effective. Also building an Exchange Server 2007 I would pick a server with mid level capabilities in which it can handle at least 17 roles. However there will need to be at least 7-8 roles that need to be installed in Exchange Server 2007. To increase speed in the network I would choose the Thecus N5550 Enterprise Tower NAS server – Intel Atom Processor, 2 GB DDR3, RAID 0/1/5/6/10, 2x RJ-45, 1x USB 3.0, 1x HDMI, No OS. The cost for two of these severs are $419 2x which come to around $900 plus tax, to have the capabilities a business needs to be running with room to expand. Given that the minimum requirement for Windows Server 2008 requires 2 cores and 4 gigabytes of ram this is more than enough for Exchange 2007. The network requires 1000 emails to be managed, CAS, Hub Transport, and UM roles. This will only require RAID 5 setup because of the Client Access Server, all exchange server need to fast transfer rates and fault tolerance and the Thecus N5550 is more than up...

Words: 344 - Pages: 2

Free Essay

Nt2580

...Unit 2 Assignment 2 Microsoft Environment Analysis 1. What vulnerabilities exist for this workgroup LAN based on the advisories? List five of them. 2755801, 2719662, 2854544, 2846338, 2847140. 2. Do any vulnerabilities involve privilege elevation? Is this considered a high-priority issue? 2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority. 3. Identify and document at least three vulnerabilities and the solutions related to the client configurations. Three vulnerabilities and Solutions related to client configurations. * Vulnerabilities- ActiveX Controls and Active Scripting. Many websites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. * Solution- After you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. * Vulnerabilities- Software code execution * Solution- Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional...

Words: 455 - Pages: 2

Free Essay

Nt2580

...I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii I I I I I I I ii I I I ii I I i I I I I ib I I I I bibibibbiibii...

Words: 1400 - Pages: 6

Premium Essay

Nt2580

...A: Write a description of your communication behavior in problem-solving groups. Include a Description of the way you formulate and send messages, receive the skills you use, contribute your information and ideas to the group, receive information about group meetings and group business, and so on. I always try to identify and remember my group members by their names, followed by writing each members contact and communication information down. I encourage all members to brainstorm on the subject at hand while we identify our strength and weaknesses. After brainstorming, task is written down and various members are asked to pick a topic they are comfortable with. Deadlines for various group assignments are then set and group members are encouraged to respect them. In the event that I’m unable to make it to a group meeting, I send out a brief but a precise email to the group leader or all members explaining my absence. B: What are your strengths in communicating, and what areas need improvement? My listening ability and clearly communicating with simple and effective phrases and sentences are some of my strength. The area of my communication that needs improvement is through the phone or mail. Since I turn to use a lot of gesture when communicating, it is very difficult for me to do this when I’m writing or talking on the phone. C: After you have written your description, meet with two people who know you well and discus it with them. Can they add anything? Do they have ideas...

Words: 308 - Pages: 2

Premium Essay

Nt2580

...Richman Investments has decided to expand their business. We have been given their new growth projections of 10,000 employees in 20 countries, with 5,000 located within the U.S. Richman have also established eight branch offices located throughout the U.S. and have designated Phoenix, AZ being the main headquarters. With this scenario, I intend to design a remote access control policy for all systems, applications and data access within Richman Investments. With so many different modes of Access Control to choose from it is my assessment that by choosing only one model would not be appropriate for Richman Investments. My recommendation would be a combination of multiple Access Control Models that overlap to provide maximum coverage and overall security. Here are my suggestions for access controls. Role Based Access Control or RBAC, this will work well with the Non-Discretionary Access Control model, which will be detailed in the next paragraph. RBAC is defined as setting permissions or granting access to a group of people with the same job roles or responsibilities. With many different locations along with many different users it is important to identify the different users and different workstations within this network. Every effort should be dedicated towards preventing user to access information they should not have access to. Non-Discretionary Access Control is defined as controls that are monitored by a security administrator. While RBAC identifies those with permissions...

Words: 548 - Pages: 3

Premium Essay

Nt2580 Week 1

...ITT Technical Institute 3825 West Cheyenne Avenue, Suite 600 North Las Vegas, Nevada 89032 NT2580 Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief report...

Words: 530 - Pages: 3

Premium Essay

Nt2580 Termpaper

...Example Policy 1. Introduction This Acceptable Use Policy (AUP) for IT Systems is designed to protect , our employees, customers and other partners from harm caused by the misuse of our IT systems and our data. Misuse includes both deliberate and inadvertent actions. The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage, and lost productivity resulting from network downtime. Everyone who works at Richman Investments is responsible for the security of our IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times. Should any employee be unclear on the policy or how it impacts their role they should speak to their manager or IT security officer. 2. Definitions “Users” are everyone who has access to any of Richman Investments IT systems. This includes permanent employees and also temporary employees, contractors, agencies, consultants, suppliers, customers and business partners. “Systems” means all IT equipment that connects to the corporate network or access corporate applications. This includes, but is not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically-stored data, portable data storage devices, third party networking services, telephone handsets, video conferencing...

Words: 1319 - Pages: 6

Premium Essay

Nt2580 Unit1Assignment2

...March 27, 2013 Senior Management Richman Investments Dear Management Team: I was asked to write a brief report that describes the “Internal Use Only” data classification standards in your company. Internal Use only data is confidential to your company and your employees. Confidential data is subject to the most restricted distribution and must be protected at all times. Compromise of data classified as Confidential could seriously damage the reputation, mission, safety, or integrity of the institution, its staff, or its constituents. It is mandatory to protect data at this level to the maximum possible degree as is prudent or as required by law. (N/A n.d.) This report will explain the three most common IT infrastructure domains that are affected by the standard and how each one is affected. The first layer that will be affected by the standard is the user domain. The user domain defines the people who can access your company’s information. (Kim and Solomon 2012) The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data shall he or she have access to it. The AUP is similar to a code of conduct that employees must follow. Any violation will be subject to punitive action. The second layer is the workstation domain where most users connect to the IT infrastructure. It is essential to have tight security and access controls for this particular domain. It should only be accessed by users who have...

Words: 405 - Pages: 2

Free Essay

Nt2580 Final Project

...Richman Investments | Richman Internet Infrastructure Security Management Upgrade | ITT Technical Institute NT2580 Course Project | | Jason R Spitler | 5/30/2014 | Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. | Final Project I. Richman Internet Infrastructure Security Management Upgrade A. Purpose Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. II. Basic Authentication Procedures and Standards, (Who users are.) A. Trinity-Three-factor Authentication Method replaces Basic Authentication It is my view the Administrator’s responsibility is to provide secure communications by adding layers of security at all levels to assure the amount of protection for company’s valuable assets. Richman will provide its employees a new method of authentication I call Trinity. It is a three-factor authentication method requiring updated laptops...

Words: 1901 - Pages: 8

Premium Essay

Nt2580 Projectparti

...Multi-Layered Security Plan (MSP) With the ever-increasing access to the internet, and all the ways that information can be exploited, it is imperative that the integrity of company/corporate data/information receive the utmost attention in its protection. That responsibility rests in the hands of capable and competent Internet Technology (IT) professionals, who stay abreast of emerging technologies, to be able to make recommendations to upper management. The sophistication and organization of those intent on breaching systems of today has never been greater, and they will only get better as time goes on. The purpose of this of this outline is to provide necessary information for the Networking Division Monthly Report, aimed at addressing security concerns for the seven domains of IT infrastructure for Richmond Investments. Beginning with the User Domain, the first and most important step to be taken is education of all employees on the Policies and Procedures that are already in place. It is recommended that monthly training take place and be documented. There should also be monthly auditing, to ensure that the training is taking place, who is participating, and that report should be seen by upper management. The Users should be aware of the consequences of violations of the security policy, and they should expect and anticipate that there will be random and routine monitoring of their actions. Actions to protect the Workstation Domain is also a critical link, since...

Words: 796 - Pages: 4

Free Essay

Nt2580 Assignment 1

...NT2580 Network|| NetRange|76.74.255.0 - 76.74.255.127| CIDR|76.74.255.0/25| Name|PEER1--AUTOMATTIC-SERVERBEACH-ACCOUNT--01| Handle|NET-76-74-255-0-1| Parent|PEER1-SERVERBEACH-08A (NET-76-74-248-0-1[->0]) | Net Type|Reassigned| Origin AS|| Organization|Automattic, Inc (AUTOM-93[->1]) | Registration Date|2012-03-26| Last Updated|2012-03-26| Comments|| RESTful Link|http://whois.arin.net/rest/net/NET-76-74-255-0-1| See Also|Related organization's POC records.[->2]| See Also|Related delegations.[->3]| Organization|| Name|Automattic, Inc| Handle|AUTOM-93| Street|60 29th Street #343| City|San Francisco| State/Province|CA| Postal Code|94110| Country|US| Registration Date|2011-10-05| Last Updated|2011-10-05| Comments|| RESTful Link|http://whois.arin.net/rest/org/AUTOM-93| Function|Point of Contact|| NOC|NOC12276-ARIN (NOC12276-ARIN[->4])|| Abuse|NOC12276-ARIN (NOC12276-ARIN[->5])|| Tech|NOC12276-ARIN (NOC12276-ARIN[->6])|| Admin|NOC12276-ARIN (NOC12276-ARIN[->7])|| Point of Contact|| Name|NOC| Handle|NOC12276-ARIN| Company|Automattic| Street|60 29th Street #343| City|San Francisco| State/Province|CA| Postal Code|94110| Country|US| Registration Date|2011-10-04| Last Updated|2012-10-02| Comments|| Phone|+1-877-273-8550 (Office)| Email|ipadmin@automattic.com| RESTful Link|http://whois.arin.net/rest/poc/NOC12276-ARIN| bossip.com registry whois|Updated 1 second ago - Refresh[->8]| Domain Name: BOSSIP.COM Registrar: GODADDY.COM...

Words: 741 - Pages: 3