Question

You were hired as the manager for network services at a medium-sized firm. This firm has 3 offices in 3 American cities. Recently, the firm upgraded its network environment to an infrastructure that supports converged solutions. The infrastructure now delivers voice, data, video, and wireless solutions. Upon assuming the role of network manager, you started reviewing the documentation and policies in place for the environment to ensure that everything is in place for the upcoming audit. You notice that a formal network security policy is nonexistent. You need one. The current network environment and services are as follows:

  • The environment hosts a customer services database.
  • The e-mail service is available, with each user having his or her own mailbox.
  • There is a sales team of 20 staff. They work remotely using laptops.
  • A routed voice network exists between offices.
  • Web services are available to clients on the Internet.
  • Wireless services cover public areas and conference rooms.

Considering the network environment, services, and solutions that are supported, develop a network security policy of 3–4 pages for the environment, including the following:

  • Give consideration to each service, and recommend protection measures.
  • Risk mitigation is of extreme importance.
  • Confidentiality and integrity are important factors of network security. However, it should not affect availability.

Solutions

Expert Solution

Answer:-

A network security policy primarily helps in protecting a computer network from network security threats – both internal and external – from the organization or network. It is generally a broad document and varies based on the underlying environment, organization and/or legal requirements. Typically a network security policy documents:

  • Rules and legal procedures to access the network and to modify its characteristics.
  • Governance and management over Web/Internet access
  • Implementation of security procedures (access control) on network nodes and devices
  • Role/Privilege based policies, such as identifying authorized and unauthorized services/processes any user can perform on the network

A network security policy is usually part of a broader information security policy.

There is no definitive mechanism for protecting a network because any security system can be subverted or compromised, if not from the outside then certainly from the inside. Ultimately, to secure a network is to implement different layers of security so that an attacker must compromise two or more systems to gain access to critical assets. The first step in enforcing policies is to define the policies that will be enforced. Security measures often restrict personnel in their operating practices and make some activities less convenient, which results in a temptation to boost security regulations. Network policies, therefore, govern how a network should be implemented and configured to streamline employees' operation in ordinary conditions, as well as guide how to react during the occurrence of abnormalities. In this context, the following section explains the imposition of policy measures for each term or principle of network security to protect information and systems.

Device Security

You will most likely identify different network segments with different security requirements while designing security for your network. For instance, some servers will need to be accessible by the employees. Some, on the other hand, will be openly accessible. Hence, to implement security for different divisions or subdivisions, you will erect perimeters that can only be crossed by certain types of traffic, in the form of public, private, and semi-private networks. The limits of such network segments are established by devices such as routers, gateways, bridges, and switches, which are capable of regulating and controlling the flow of packets into and out of the segment. Communication and monitoring devices, which are typically deployed in the network for various purposes, must be configured properly according to requirements and accessed on the basis of the privileges and profiles of users, and their built-in software must be kept up to date. Apart from that, the following measures should be taken in the context of device security:

  1. The company must sign an NDA with each employee about not disclosing the details of deployed devices inside the perimeter.
  2. Regularly apply patches and security updates released by vendors.
  3. ACLs should be maintained to permit or deny TCP and UDP traffic.
  4. Services must be disabled if they are not in use.

Internet Access

Internet access policies include automatic blocking of all websites identified as inappropriate (especially social media related sites) for company users. Moreover, Internet access should be based on the nature of the employee's work. The Internet constructs a network topology in itself and connects various crucial assets of the company, for example servers, account sections, etc.; therefore, it must be filtered and monitored properly before being used.

VPN Policy

A VPN provides a means to protect data while it travels over an untrusted network. VPN is intended for employee use of organization-owned computer systems only. All kinds of remote access to the corporate network should be routed via VPN with valid corporate approval and a standard operating system along with appropriate security patches. Access to company computers from home via the Internet should not be allowed. To protect the network when VPNs are used for remote user access, the security administrator should ensure that adequate protection is implemented over endpoints by applying L2TP with IPSec. Moreover, VPN vendors include firewalling functionality in their clients to filter traffic.

Port Communication Policy

Communication ports, either inbound or outbound, at the workstation for unnecessary services must strictly be in the blocked state, apart from essential services such as HTTP, HTTPS, etc., as it is mostly noticed that ports for several services are opened needlessly, which typically induces the hacker to breach the system with ease. Such security measures could be applied by the system administrator at the firewall end as the first line of defense. Hence, a workstation that does directly communicate with the Internet must be limited to use only authorized communication services or ports for inbound connections.

Wireless LAN Policy

To stop the possible abuse of the wireless network, proper user authentication should be ensured, along with the appropriate replacement of WEP and an anomaly tracking mechanism on the wireless LAN. Moreover, 802.11i security measures such as TKIP and CCMP should be employed for encryption. At the same time, the following list of suspicious events on the wireless LAN should always be considered for intrusion detection:

  • Beacon frames from an unsolicited access point
  • Flood of unauthenticated frames (MITM attack)
  • Multiple incorrect SSIDs on a closed network
  • Frames with a duplicated MAC address
  • Randomly changing MAC address

Remote Connection Policy

Data security is becoming a vital issue as more organizations establish network links between their employees to share information and increase productivity. As personnel more often prefer to work from home, security begins with a terminal session between an authorized user and a remote host on a network, in which the user can perform all functions as if he were actually on the remote host. At the same time, mismanagement of user credentials can lead to exploitation too. Hence, direct access to a critical server or system of an organization via remote login or the SSH utility should be strictly restricted, with the exception of authorized users. However, encrypted access could be permissible.

Firewall Rules Policy

When a user connects to an insecure, open network, such as the Internet, he opens a large doorway for potential attacks. One of the best ways to defend against exploitation from the insecure network is to employ firewalls at the connection point end, as it is a necessity to safeguard private networks and communication facilities. The rules enforcement policy should vary according to the type of firewall and resource deployment on the network, as follows:

  • In the case of dedicated server access, an application proxy firewall must be placed between the remote user and the dedicated server to hide the identity of the server.
  • Secondly, if traffic filtering based on source and destination IP/port address is required, packet-filtering firewall placement is quite useful, which augments speed of transmission too.
  • On the other hand, when speed is not a concern, configuring state table (stateful inspection firewall) filters on the network is an appropriate choice, which dynamically validates the connection and forwards the packet.
  • Moreover, NAT should also be employed, as it complements the use of firewalls in providing an extra measure of security for an organization’s internal network, especially preventing DDoS or many SYN flooding attacks.
  • If you need a higher level of control than is available by preventing an IP address from communicating with your server, IP packet filtering can be used.

Intrusion Policy

An IDS should be housed for anomaly detection and monitoring of unauthorized access, since, as the extreme line of defense, a firewall or antivirus is not sufficient. The security administrator must constantly check system and security log files for anything suspicious. Moreover, use advanced antivirus which has built-in IDS/IPS capability for inappropriate auditing rights, elevated privileges, incorrect groups, altered permissions, registry changes, inactive users and much more. Most importantly, IDS software is configured on top of an OS, but network-intercepting IDSs are increasingly being deployed as hardware applications from a performance perspective.

Proxy Server Policy

A proxy server typically resides between server and user, for both offensive and defensive purposes. When deploying a proxy server, the following checklist must be ensured:

  1. The logging facility should be enabled for all services.
  2. Never allow the proxy to accept outside connections.
  3. The proxy must be running with the most up-to-date patches and software.

Secure Communication Policy

Data that passes in unencrypted form through many channels, including switches and routers on the network, is vulnerable to many attacks such as spoofing, SYN flooding, sniffing, data alteration, and session hijacking. Although you are not in control of the devices that your data might pass over, you can secure the sensitive data, or secure the communication channel so that the data is not accessible, to some extent. Hence, employment of numerous ciphering tactics such as SSL, TLS, IPSec, PGP, or SSH can encrypt all kinds of communication such as POP, HTTP, POP3 or IMAP, and FTP, because SSL packets can be passed through firewalls, NAT servers, and other network devices without any special considerations other than making sure the proper ports are open on the device. If we have some data that needs to be transmitted over a network securely, then there are some security initiatives one needs to take to mitigate the risk of an attack:

  • Authenticate the identity of people (and/or computers) who will send packets
  • Make sure that the data will not be tampered with (no MITM attack encountered)
  • Ensure that the data will not be read by any unauthorized individual between you and the source.

DMZ Policy

Certain systems or servers, for instance e-mail, web server, database, etc., that need to access the public Internet must be deployed on a dedicated subnet which separates the internal system from the outside, because publicly accessible systems come directly under attack by hackers. A potential attack against a critical system can be undermined or even made negligible by placing it in the segregated network along with the firewall.

Conclusions

Network security policies revolve around protecting all the resources on a network from threats and further exploitation. We must not only consider the machines established on the network, but also other essential network devices, network transmission media, and the data being transmitted across the network. By the end of this article, you got a thorough understanding of various network security aspects on which there is a possibility to impose policies to establish a robust, reliable, and secure network architecture. Network policies are drafted by an organization for each of its entities to comply with, for the betterment of operation and so that some sort of defense can be maintained, as a network vulnerability could transpire in any form and later be exploited to gain access to the system, resorting to any number of ways that a system can be compromised, like malware infection, software bugs, an executable, code injection and many more.
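
The suspicious wireless events listed under Wireless LAN Policy can be checked mechanically. The following is an added example, not part of the original answer, covering four of the five listed events over a constructed capture window. The frame dictionary layout, the approved-AP table, the thresholds, and the use of 802.11 sequence-number jumps to spot a duplicated MAC are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Assumed site values (hypothetical, not from the answer above).
APPROVED_APS = {"aa:bb:cc:00:00:01": "CorpWLAN"}  # BSSID -> SSID
UNAUTH_FLOOD = 5   # unauthenticated frames from one source per window
BAD_SSID_MAX = 3   # distinct wrong SSIDs probed by one source
SEQ_GAP_MAX = 64   # largest plausible jump in the 12-bit sequence counter

def detect(frames):
    """Return sorted (event, mac) alerts for one capture window.

    Each frame is a dict with keys: type ('beacon', 'probe' or 'data'), src,
    seq (802.11 sequence number), plus ssid/bssid or authenticated by type.
    """
    alerts = set()
    unauth = Counter()
    wrong_ssids = defaultdict(set)
    last_seq, seq_jumps = {}, Counter()
    for f in frames:
        src = f["src"]
        # Two transmitters sharing one MAC interleave unrelated counters,
        # which shows up as repeated large or backward sequence jumps.
        if src in last_seq and (f["seq"] - last_seq[src]) % 4096 > SEQ_GAP_MAX:
            seq_jumps[src] += 1
        last_seq[src] = f["seq"]
        if f["type"] == "beacon":
            # Unknown BSSID, or a known BSSID advertising the wrong SSID.
            if APPROVED_APS.get(f["bssid"]) != f["ssid"]:
                alerts.add(("unsolicited_beacon", f["bssid"]))
        elif f["type"] == "probe":
            if f["ssid"] not in APPROVED_APS.values():
                wrong_ssids[src].add(f["ssid"])
        elif f["type"] == "data" and not f["authenticated"]:
            unauth[src] += 1
    alerts |= {("unauth_flood", m) for m, n in unauth.items() if n >= UNAUTH_FLOOD}
    alerts |= {("ssid_guessing", m) for m, s in wrong_ssids.items() if len(s) >= BAD_SSID_MAX}
    alerts |= {("duplicate_mac", m) for m, n in seq_jumps.items() if n >= 2}
    return sorted(alerts)

# Constructed sample window (not real capture data).
SAMPLE = [
    {"type": "beacon", "src": "aa:bb:cc:00:00:01", "bssid": "aa:bb:cc:00:00:01", "ssid": "CorpWLAN", "seq": 10},
    {"type": "beacon", "src": "de:ad:be:ef:00:01", "bssid": "de:ad:be:ef:00:01", "ssid": "CorpWLAN", "seq": 5},
]
SAMPLE += [{"type": "probe", "src": "02:00:00:00:00:09", "ssid": s, "seq": i}
           for i, s in enumerate(["corp", "guest", "CORPWLAN1"])]
SAMPLE += [{"type": "data", "src": "02:00:00:00:00:07", "authenticated": False, "seq": 100 + i}
           for i in range(5)]
SAMPLE += [{"type": "data", "src": "02:00:00:00:00:05", "authenticated": True, "seq": q}
           for q in (20, 2000, 21, 2001)]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Randomly changing MAC addresses are left out because client-side MAC randomization makes a frame-only check for that event noisy; thresholds should be tuned against a baseline of normal traffic before alerts are acted on.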

