You were hired as the manager for network services at a medium-sized firm. This firm has 3 offices in 3 American cities. Recently, the firm upgraded its network environment to an infrastructure that supports converged solutions. The infrastructure now delivers voice, data, video, and wireless solutions. Upon assuming the role of network manager, you started reviewing the documentation and policies in place for the environment to ensure that everything is in place for the upcoming audit. You notice that a formal network security policy is nonexistent. You need one. The current network environment and services are as follows:
Considering the network environment, services, and solutions that are supported, develop a network security policy of 3–4 pages for the environment, including the following:
Answer:-
A network security policy primarily helps in protecting a computer network from network security threats – both internal and external – from the organization or network. It is generally a broad document and varies based on the underlying environment, organization and/or legal requirements. Typically a network security policy documents:
A network security policy is usually part of a broader information security policy.
There is no definitive mechanism for protecting a network because any security system can be subverted or compromised, if not from the outside then certainly from the inside. Ultimately, to secure a network is to implement different layers of security so that an attacker must compromise two or more systems to gain access to critical assets. The first step in enforcing policies is to define the policies that will be enforced. Security measures often restrict personnel in their operating practices and make some activities less convenient, which results in a temptation to boost security regulations. Network policies, therefore, govern how a network should be implemented and configured to streamline employees' operation in ordinary conditions, and guide how to react when abnormalities occur. In this context, the following section explains the imposition of policy measures for each term or principle of network security to protect information and systems.
Device Security
You will most likely identify different network segments with different security requirements while designing security for your network. For instance, some servers will need to be accessible by the employees. Some, on the other hand, will be openly accessible. Hence, to implement security for different divisions or subdivisions, you will erect perimeters that can only be crossed by certain types of traffic, in the form of public, private, and semi-private networks. The limits of such network segments are established by devices such as routers, gateways, bridges, and switches, which are capable of regulating and controlling the flow of packets into and out of the segment. Communication and monitoring devices, typically deployed in the network for various purposes, must be configured properly according to requirements and accessed on the basis of the given privileges and profiles of users, and their built-in software must be kept up to date. Apart from that, the following measures should be taken in the context of device security:
Internet Access
Internet access policies include automatic blocking of all websites identified as inappropriate (especially social media related sites) for company users. Moreover, internet access should be based on the nature of the employee's work. The Internet constitutes a network topology in itself and connects various crucial assets of the company, for example servers, account sections, etc., and therefore must be filtered and monitored properly before use.
VPN Policy
A VPN provides a means to protect data while it travels over an untrusted network. VPN is intended for employee use of organization-owned computer systems only. All kinds of remote access to the corporate network should be routed via VPN with valid corporate approval and a standard operating system along with appropriate security patches. Access to company computers from home via the internet should not be allowed. To protect the network when VPNs are used for remote user access, the security administrator should ensure that adequate protection is implemented over endpoints by applying L2TP with IPSec. Moreover, VPN vendors include firewalling functionality in their clients to filter traffic.
Port Communication Policy
Communication ports, either inbound or outbound, at the workstation for unnecessary services must strictly be in the blocked state, apart from essential services such as HTTP, HTTPS, etc., as it is commonly noticed that ports are opened needlessly for several services, which typically lets a hacker breach the system with ease. Such security measures can be applied by the system administrator at the firewall end as the first line of defense. Hence, a workstation that does directly communicate to the internet must be limited to using only authorized communication services or ports for inbound connections.
Wireless LAN Policy
To stop possible abuse of the wireless network, proper user authentication should be ensured, along with an appropriate replacement for WEP and an anomaly tracking mechanism on the wireless LAN. Moreover, 802.11i security measures such as TKIP and CCMP should be employed for encryption. At the same time, there is the following list of suspicious events on the wireless LAN which should always be considered for intrusion detection:
Remote Connection Policy
Data security is becoming a vital issue as more organizations establish network links between their employees to share information and increase productivity. As personnel more often prefer to work from home, security begins with a terminal session between an authorized user and a remote host on a network, in which the user can perform all functions as if he were actually on the remote host. At the same time, mismanagement of user credentials can lead to exploitation too. Hence, direct access to a critical server or system of an organization via remote login or SSH utility should be strictly restricted, except for authorized users. However, encrypted access could be permissible.
Firewall Rules Policy
When a user connects to an insecure, open network, such as the Internet, he opens a large doorway for potential attacks. One of the best ways to defend against exploitation from the insecure network is to employ firewalls at the connection point, as it is a necessity to safeguard private networks and communication facilities. The rule enforcement policy should vary according to the type of firewall and resource deployment on the network:
Intrusion Policy
An IDS should be housed for anomaly detection and monitoring of unauthorized access because, as the extreme line of defense, a firewall or antivirus is not sufficient. The security administrator must constantly check system and security log files for anything suspicious. Moreover, use advanced antivirus which has inbuilt IDS/IPS capability to check for inappropriate auditing rights, elevated privileges, incorrect groups, altered permissions, registry changes, inactive users, and much more. Most importantly, IDS software is configured on top of an OS, but network-intercepting IDSs are increasingly being deployed as hardware applications for performance reasons.
Proxy Server Policy
A proxy server typically resides between server and user, for both offensive and defensive purposes. When deploying a proxy server, the following checklist must be ensured:
Secure Communication Policy
Data that passes in unencrypted form through many channels, including switches and routers on the network, is vulnerable to many attacks such as spoofing, SYN flooding, sniffing, data alteration, and session hijacking. Although you are not in control of the devices that your data might pass over, you can secure the sensitive data, or secure the communication channel, so that the data is inaccessible to some extent. Hence, employing ciphering tactics such as SSL, TLS, IPSec, PGP, or SSH can encrypt all kinds of communication such as POP, HTTP, POP3 or IMAP, and FTP, because SSL packets can be passed through firewalls, NAT servers, and other network devices without any special considerations other than making sure the proper ports are open on the device. If we have data that needs to be transmitted over a network securely, then there are some security initiatives one needs to take to mitigate the risk of an attack:
DMZ Policy
Certain systems or servers, for instance e-mail, web server, database, etc., that need to access the public internet must be deployed on a dedicated subnet which separates the internal system from the outside, because publicly accessible systems come directly under attack by hackers. A potential attack against critical systems can be undermined or even made negligible by placing them in the segregated network along with the firewall.
Conclusions
Network security policies revolve around protecting all the resources on a network from threats and further exploitation. We must consider not only the machines established on the network, but also other essential network devices, network transmission media, and the data being transmitted across the network. By the end of this article, you have a thorough understanding of various network security aspects on which it is possible to impose policies to establish a robust, reliable, and secure network architecture. Network policies are drafted by an organization for each of its entities to comply with, for the betterment of operation, so that some sort of defense can be maintained, as a network vulnerability can transpire in any form and later be exploited to gain access to the system, resorting to any of a number of ways that a system can be compromised, such as malware infection, software bugs, an executable, code injection, and many more.
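
The Port Communication and DMZ policies above can be checked mechanically against a firewall rule list. The following audit is an added example, not part of the original answer; the subnets, probe addresses, rule set, first-match evaluation order, and the reading of "essential" as ports 80 and 443 are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Everything below is constructed sample data, not taken from the page.
ESSENTIAL = {80, 443}                      # assumption: "HTTP, HTTPS, etc." read as these two
INTERNAL = ip_network("10.10.0.0/16")      # workstation segment
DMZ = ip_network("192.0.2.0/24")           # public-facing servers
ANY = ip_network("0.0.0.0/0")
PROBES = {"internet": ip_address("198.51.100.7"),
          "workstation": ip_address("10.10.5.20"),
          "dmz": ip_address("192.0.2.10")}

# (action, source net, destination net, first port, last port); first match wins
RULES = [
    ("allow", ANY, DMZ, 80, 80),
    ("allow", ANY, DMZ, 443, 443),
    ("allow", ANY, INTERNAL, 3389, 3389),   # Internet straight into the internal segment
    ("allow", INTERNAL, ANY, 1, 1024),      # broad outbound range
    ("deny", INTERNAL, ANY, 23, 23),        # shadowed: the rule above already matched
    ("deny", ANY, ANY, 1, 65535),           # explicit default deny
]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching src, dst and port (default deny)."""
    for action, snet, dnet, lo, hi in rules:
        if lo <= port <= hi and src in snet and dst in dnet:
            return action
    return "deny"

def allowed_ports(rules, src, dst):
    """Ports on which traffic from probe src to probe dst is effectively allowed."""
    return {p for p in range(1, 65536)
            if decide(rules, PROBES[src], PROBES[dst], p) == "allow"}

def audit(rules):
    """Map each policy check to the set of ports that violate it."""
    return {
        "internet->workstation (must be empty)":
            allowed_ports(rules, "internet", "workstation"),
        "internet->dmz (essential only)":
            allowed_ports(rules, "internet", "dmz") - ESSENTIAL,
        "workstation->internet (essential only)":
            allowed_ports(rules, "workstation", "internet") - ESSENTIAL,
    }

if __name__ == "__main__":
    for check, ports in audit(RULES).items():
        print(check, "OK" if not ports else f"{len(ports)} violations, e.g. {sorted(ports)[:5]}")
```

Because evaluation is first-match, the deny rule for port 23 never takes effect; the audit reports effective behaviour rather than what each rule appears to intend.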