...Establish Evacuation routines 3. Acquisition of Intelligence. a. Obtain Hard & Soft Copy Information b. Obtain Top Managerial Personal Information, (Addresses etc) c. (Optional deployment of Ethical Hacking) 4. Disruption/Sabotage a. Insertion of dummy explosive/incendiary devices (Packages, Letter Bombs etc). b. Abduction plan 5. Report. The time frame is variable dependent on current security protocols and staff awareness. Client Network Penetration Testing Proposal. Document Reference xxx-xxxx-xx. Contents: 1 Background; 2 Scope; 2.1 Types of Attack; 2.2 Report; 2.2.1 Executive Summary; 2.2.2 Technical Report; 2.2.3 Recommendations; 2.2.4 Security Policy; 3 Phase 1 – Internal; 3.1 Scope; 3.2 Deliverable; 4 Phase 2 – Internet; 4.1 Scope; 4.2 Deliverable; 5 Phase 3 – WarDial; 5.1 Scope; 5.2 Deliverable; 6 Phase 4 – Wireless; 6.1 Scope; 6.2 Deliverable; 7 Phase 5 – 3rd Party Access; 7.1 Scope; 7.2 Deliverable; 8 Phase 6 – Remote Access; 8.1 Scope; 8.2 Deliverable; 9 Phase 7 – Social Engineering; 9.1 Deliverable; 10 Products Used; 10.1 Hardware; 10.2 Software; 11 Quotation...
Words: 2185 - Pages: 9
...TERM PAPER Wireless LAN Security: Enabling and Protecting the Enterprise. INSIDE: Wireless LAN Technology; Benefits of Wireless LANs; Security Risks and Technical Challenges; Recommendations. WIRELESS LAN SECURITY Contents: Executive Summary; Wireless LAN Technology; Benefits of Wireless LANs (Simplified Implementation and Maintenance; Extended Reach; Increased Worker Mobility; Reduced Total Cost of Ownership and Operation); Security Risks and Technical Challenges (“Leaky” Buildings; Unapproved Deployments; Exposure of Wireless Devices...
Words: 2559 - Pages: 11
...4, 2014 ABC Company Proposed revision of Information Security Policy Anthony Ronning: Information Security Manager OBJECTIVE: Due to the recent breach of our electronic health record (EHR) systems, it is necessary that policies pertaining to access and control mechanisms of health records be reviewed and/or modified to mitigate future incidents. SPECIFIC GOALS: 1.) Implement a standard based on Attribute Based Access Control (ABAC) to ensure that electronic health records (EHR) are protected from unauthorized entities 2.) Implement a standard for the use of remote access methods to information systems 3.) Implement a standard that ensures that access to electronic health records (EHR) is audited and backed up without changes or overwriting INFORMATION SECURITY POLICY GOALS: * Confidentiality = data or information is not made available or disclosed to unauthorized persons or processes * Unauthorized access = the INABILITY of unauthorized persons to read, write, modify, or communicate data/information or otherwise use any system resource * Integrity = data or information has not been altered or destroyed in an unauthorized manner * Availability = data or information is made accessible and usable upon demand by authorized users * Legislative and Regulatory Requirements = policies comply with Federal and HIPAA regulatory standards * Business continuity plan integration = policy revisions fall within the business continuity plan of...
Words: 2279 - Pages: 10
...Special Publication 800-48 Wireless Network Security Tom Karygiannis Les Owens 802.11, Bluetooth and Handheld Devices NIST Special Publication 800-48 Wireless Network Security 802.11, Bluetooth and Handheld Devices Recommendations of the National Institute of Standards and Technology Tom Karygiannis and Les Owens COMPUTER SECURITY Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 November 2002 U.S. Department of Commerce Donald L. Evans, Secretary Technology Administration Phillip J. Bond, Under Secretary for Technology National Institute of Standards and Technology Arden L. Bement, Jr., Director WIRELESS NETWORK SECURITY Note to Readers This document is a publication of the National Institute of Standards and Technology (NIST) and is not subject to U.S. copyright. Certain commercial products are described in this document as examples only. Inclusion or exclusion of any product does not imply endorsement or non-endorsement by NIST or any agency of the U.S. Government. Inclusion of a product name does not imply that the product is the best or only product suitable for the specified purpose. Acknowledgments The authors wish to express their sincere thanks to numerous members of government, industry, and academia who have commented on this document. First, the authors wish to express their thanks to the staff at Booz Allen Hamilton...
Words: 52755 - Pages: 212
...servers for the teachers for student information, Firewall(s), Router(s), and Switch(es), Wireless Access, Principal Laptop, and Student Records. 2. List your top five (5) risk exposures for which you believe this school should have specific risk mitigation strategies. My top five (5) risk exposures would be wireless access security, the principal’s laptop being left or stolen when she travels and the password being easy to guess, social engineering to gain access to not only student systems (laptops and computer science computers) but also to teacher and administrator systems, the use of Facebook, MySpace and Twitter while at school exposing daily activities and routines while at school or work in the case of the faculty, Physical security at the school protecting the servers, student data, school business information, etc. and strong password policy. 3. Given the potential risks that you identified, what IT security policies would you recommend be created by the school to help mitigate each of the identified risk exposures you listed in #2 above? First and foremost a comprehensive security policy that takes into consideration the variables and factors at the school. This includes students, teachers, physical access, layout of the school and property, security measures as defined by FERPA, HIPAA, etc. A password policy needs to be in place that stresses complexity, minimum length (recommendations) and recycling or expiring passwords. This could be accomplished with a minimum length...
Words: 1205 - Pages: 5
...made use of technological innovation and automation of their systems. However, as GFI experienced steady growth in its financial operation, a significant security risk arose within its network. GFI relies on its application servers, the Oracle database and the email system, which are the backbone of GFI's financial operations. The financial and cash flow system of the company depends solely on the network, so any network breakdown or system failure would be catastrophic for the business and its clients. The recent multiple cyber attacks on GFI's network and the 2012 Oracle server attack left the company's integrity, confidentiality and availability vulnerable for several days. Although the servers were restored, the damage was extensive and led GFI to pay for clients' damages in their loss of data confidentiality. Another attack left the entire GFI network down, which led to losses in revenue and intangible customer confidence to the tune of over a million US dollars. Risk Assessment Purpose The aim of this risk assessment is to evaluate the details of GFI network security. Further, the risk assessment is to come up with a structured qualitative assessment of GFI's network environment and provide possible solutions for mitigating the sensitivity, threats, vulnerabilities, risks and safeguards of GFI's network. In addition, the assessment will recommend a potential cost-effective assurance that will combat the threats and associated exploitable...
Words: 2661 - Pages: 11
...discuss factors used to identify all kinds of risks in the company network diagram. It will also assess the risk factors that are inclusive for the Company and give the assumptions related to the security data as well as regulatory issues surrounding risk assessment. In addressing the global implications, the paper will propose network security vulnerabilities and recommend the mitigation measures for the vulnerabilities. Cryptography recommendations based on data-driven decision-making will be assessed, and risk assessment methodologies will be developed. Risk assessment in Information Technology Risk assessment is one of the mitigation methods for network design. Scanners or vulnerability tools are used to identify the risks or vulnerabilities within the network design. The risks can be identified by these tools as they extend beyond software defects to incorporate other vulnerabilities, including misconfigurations (Rouse, 2010). Shareware assessment tools are accessible online and can be used to supplement commercial scanners. Framework of risk assessment * Step 1 – categorizing information and information systems. Here unique department traits are highlighted and assigned impact levels (high, medium or low) in line with FISMA’s security objectives (confidentiality, integrity and availability). * Step 2 – security control families; common, hybrid, and system-specific security controls; tailoring and the identification of control enhancements...
Words: 3240 - Pages: 13
...1/19/2015 One Giant Leap for Apex Design Wireless Network Plan Team B Apex Design has found the need to incorporate a wireless network to collaborate with their existing wired network. Team B found this opportunity to display to Apex what they can do to bring their company to enjoy the modern conveniences of a wireless network. This deployment plan will cover Team B’s recommendations based on the site survey provided by Apex. We will discuss our recommended wireless network type, the access point layout, and how these points will be managed. We will go over the foreseen obstacles and what our plan is to overcome these obstacles. Finally, we will go over the security policy that should be implemented to keep Apex as secure with our wireless network as they are with their current wired network. IEEE Network Type Apex Designs has asked our company to design a wireless network for their business. This network will consist of several different pieces of hardware that will all work together to meet Apex’s needs. To ensure that the new network is operational, special considerations must be made as to which IEEE network standard is to be used. Since Apex Designs is a business that has a preexisting network installed, the new network must be compatible with the legacy systems already in use. Failure to meet this requirement would cause major interruptions in work flow, thus hindering...
Words: 1940 - Pages: 8
...Recommended Network and suggestions Student’s name University name Instructor’s name 8th August 2014 What is the first step you will take in developing a strategy to respond to this situation? From the review of the client requirements and their existing architecture, it sounds like there is no wireless architecture in place, nor security policies. As described in the requirements, Richton intends to resolve a large scope of network performance and security issues by doing a simple quick fix to enhance their network. The first step I will take in developing a strategy to respond to this situation. During the meeting I would like to discuss with the Richton Toy management team the security risk of installing 802.11b wireless...
Words: 1357 - Pages: 6
...Manufacturing is an up-and-coming company that is now expanding to China, as well as other locations throughout the United States. The company will have the need for new equipment and a set-up appropriate for all locations to be able to communicate together on a weekly basis, and security is a priority. The headquarters, located in Atlanta, GA, houses the corporate operations, marketing, administrative staff, and accounting personnel. The engineering and sales departments are located across the street from the headquarters building. There are distribution offices in Chicago, Phoenix, and New York and the plant is in China. All of these places need the ability to communicate with each other so the company can run smoothly. Currently, each location sends people once a week to a weekly meeting the company has to stay on top of everything. Network Design The best network design for Acme Manufacturing would be a star topology, which would use CAT5 UTP. Using this cable would allow each location to have the ability to directly connect to headquarters and, with the implementation of a Virtual Private Network (VPN) that is configured with Layer Two Tunneling Protocol (L2TP) and IPSec for security, the sales and engineering departments located across the street will be able to communicate with headquarters. The new plant in China will utilize satellite signals to communicate with headquarters. Acme should lease three T1 lines, which run from the headquarters in Atlanta to...
Words: 1704 - Pages: 7
...Defense of the Solution; Methodology Justification; Explanation of the Organization of the Capstone Report; Security Defined; Systems and Process Audit; Company Background; Audit Details; Topology; Wireless Fidelity...
Words: 12729 - Pages: 51
...threat to organization image, the establishment of effective security measures, and reassessment of organizational risk management approaches in order to cope with the latest trends in network security. This report is based on a literature review and analytical analysis of case studies, news articles and magazines to highlight the vulnerability and implications of malware attacks for an organization. It highlights the salient features of malware attacks that can significantly hurt an enterprise information system, leading to serious functional commotions, from destroying basic IT security up to identity theft, leakage of data, theft of private information, corporate information system blueprints and industrial white papers, and network breakdown. The only constant in the world of technology is change; the report highlights the latest trends, dimensions and implications of malware attacks and new critical sources of threats, within the perspective of a constantly changing IT world (e.g. cloud services integration). An enterprise may not effectively devise and manage malware threat and risk assessment processes. This report highlights the malware propagation process, malware vulnerability, the types of malware, and optimistic cost-effective solutions in order to minimize security risk for enterprise information systems. This report highlights salient features for designing effective security policies in order to proactively address malware threat issues as key...
Words: 3648 - Pages: 15
...SECURITY WEAKNESSES FOR QUALITY WEB DESIGN Contents: Course; Introduction; Abstract; Company Background; Software Weaknesses and Recommendations; Hardware Weaknesses and Recommendations; Network Security Flaws and Recommendations; References. Introduction Quality Web Design is a company that makes web sites and web business solutions. The company provides its customers with an opportunity to spread their business through the internet. The other business solutions accompanied are accounting...
Words: 1406 - Pages: 6
...Between ‘Implementation’ and ‘Policy’ and Describes the Importance of Their Separation Management defines information security policies to describe how the organization wants to protect its information assets. After policies are outlined, standards are defined to set the mandatory rules that will be used to implement the policies. Some policies can have multiple guidelines, which are recommendations as to how the policies can be implemented. Finally, information security management, administrators, and engineers create procedures from the standards and guidelines that follow the policies. This is a major flaw in the linear model because policies often change as they move through bureaucracies to the local level where they are implemented. ‘Implementation always makes or changes policy to some degree’ (Lindblom 1980). ‘Policy implementers interact with policy-makers by adapting new policies, co-opting the embodied project designs or simply ignoring new policies, hence underscoring the fact that implementers are crucial actors whose actions determine the success or failure of policy initiatives’ (Juma and Clarke 1985). Better practice implementation plans are scalable and flexible. They reflect the degree of urgency, innovation, complexity and/or sensitivity associated with the particular policy measure, and provide sufficient detail to support and inform successful implementation. One of the most important effects of the division between policy-making and implementation is...
Words: 1375 - Pages: 6
...In a computer network evaluation it is important to cover various areas to determine which are satisfactory and which are in need of improvement. The following 15 evaluations will be used to assess the current state of the network: 1. Evaluation of Client Computer Hardware In the evaluation of client computer hardware, this evaluation seeks to identify all client computer assets owned by the company. All laptops and desktops owned by the company should be made available as needed in order for the evaluation to be as accurate as possible. It will be necessary to perform a review of all client computers that connect to the company assets. These machines will be analyzed for speed, performance, and reliability. I will look for variations in hardware manufacturers. Depending on the circumstance, it can result in better TCO (Total Cost of Ownership) if client computers are limited to one or two manufacturers. In addition, machines that are broken, out of warranty, or outdated will be recommended for repair or replacement. 2. Evaluation of Client Computer Software In the evaluation of client computer software, I will seek to identify all software that is installed on client computers and being used in the workplace. This evaluation can be performed using software metering in software such as Microsoft System Center Configuration Manager, if installed. If not installed, this information will be collected manually by viewing the installed software on each machine. ...
Words: 2399 - Pages: 10