...taskings that are very dependent on a business network to achieve these tasks. Many businesses whether private, public, or federal rely solely on their computer networks to protect, store, and disseminate information within its internal networks among employees and to its external customers reaching out to provide important business information. How do businesses and organizations protect these networks from potential malicious activity that could interfere with their daily business needs? There are various methods of protecting these networks which will be examined in this paper on the advantages and disadvantages of protecting your networks and enhancing operational security in today’s business world. There are various ways for a business or an organization to protect their network that would include management controls, operational controls, and technical controls that are in place to ensure any network meets certain security requirements. Various security protection methods fall into these categories which will be examined in this paper. Reviewing audit logs can be time consuming but it is an effective process that cannot be overlooked when protecting your networks. Security-relevant events, which meet audit requirements, should be collected, processed, and stored by automated means. These events should be available for analysis that can be performed by using a combination of automated and manual techniques. Network operations security staff in conjunction with system...
Words: 295 - Pages: 2
...Case Study Strayer University SEC 305 It is vital to ensure the safety of a central computer system that is accessed by multiple branches, staff members and remote users. The diversity of an enterprise environment dictates the need to consider multiple aspects when planning for access. Normally, an internal LAN is considered a secure network. Due to its broadcast nature, wireless communications are not considered as secure. Such networks are vulnerable to eavesdropping, rogue access points, and other cracking methods. For remote access, VPN solutions such as dial-up, IPSec VPN, and SSL VPN are commonly used and any access to data center devices must be protected and secured. In the data center, access lists are used to prevent unauthorized access, and reverse-proxy servers use authentication mechanisms to provide a higher degree of security for applications. The need for security is constantly evolving. Maintaining individual security methods for each access scenario can be expensive. There are better alternatives for securing enterprise access. Some that is cost-effective, easy to manage and secure, while addressing performance and scalability requirements. Basic security requirements consist of: • Verification of user credentials and services to define user access. • Client integrity checks that consists of endpoint security verification and of redirecting users to predefined subnets to download compliant anti-virus software...
Words: 612 - Pages: 3
...Abstract Installing and getting a Small Office Home Office (SOHO) network set up is a simple task when using “Off The Shelf” equipment and the default configuration. Sadly it is not as secure as one would like. Using the default configuration leaves the network open to would be hackers, hijackers and the next door neighbor looking to get some free internet. Today we are going to discuss the equipment used to build our SOHO and then how to step outside of the box and ensuring that we are secure. Our small businesses has a total of 5 employees working out of a converted basement. We use Verizon FIOS for our ISP using a Actiontec Wireless Broadband Router (GigE), 5 laptops, 1 PC and 1 wireless printer. . Router The backbone of our SOHO network is the Actiontec Wireless Broadband Router (GigE) model number MI424WR (GigE). Out of the box it "support very high speed Internet service." with "speeds up to 1000 Mbps wired (with the Gigabit Ethernet interface) and 300 Mbps wireless” using a 802.11b/g/n chipset. It comes prebuilt with an Enterprise level security including; customizable firewall, stateful packet inspection, Denial of Service (DoS) protection, content filtering, intrusion detection, WPA and WEP WIFI encryption. . Physical Network Configuration Our SOHO networks physical layout is pretty standard. Outside of the building is the Fiber Optic line that feeds into the Optical Network Terminal (ONT) for the building. From there a coaxial cable runs to the Actiontec Wireless...
Words: 881 - Pages: 4
...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides...
Words: 3209 - Pages: 13
...SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING Securing Wi-Fi Rogue Access within an Enterprise Setting Daniel Joel Clark A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the...
Words: 18577 - Pages: 75
...Describe the challenges of securing information 2 Objective 2: Define information security and explain why it is important 3 Objective 3: Identify the types of attackers that are common today 5 Hackers 5 Script Kiddies 5 Spies 5 Insiders 5 Cybercriminals 6 Cyberterrorists 6 Objective 4: List the basic steps of an attack 6 Objective 5: Describe the five basic principles of defense 7 Layering 7 Limiting 7 Diversity 7 Obscurity 8 Simplicity 8 Works Cited 8 Chapter 1 Objectives To accomplish the learning objectives for Chapter 1: • I have read all of Chapter 1 in the course textbook (pages 1-39); including understanding the key terms on (pages 28-29). • I have read and answered all of the review questions on (pages 29-32), then compared my decisions with the solutions posted on Canvas, any incorrect answers I corrected and confirmed in the chapter. • I have read and worked through Hands-On Projects 1-1 through 1-4 to facilitate in achieving each of the stated learning objectives. • I have read, worked through and evaluated Case Projects 1-1 through 1-8 on (pages 36-38). • I have participated in all class presentations and discussions about Chapter 1 • I have read through and examined Chapter1 slide presentations. The learning objectives for this chapter are as follows: Objective 1: Describe the challenges of securing information To achieve this objective, I have read in the course textbook (pages 5-11) Challenges of Securing Information including...
Words: 3169 - Pages: 13
...white pAper: cloud Securit y Securing the Cloud for the Enterprise A Joint White Paper from Symantec and VMware White Paper: Cloud Security Securing the Cloud for the Enterprise for A Joint White Paper from Symantec and VMware Contents Executive summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.0 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1 1.2 1.3 1.4 Enterprise computing trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Transitions in the journey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Evolving threat and compliance landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 A security strategy for the cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Key elements of cloud security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ...
Words: 5327 - Pages: 22
...Securing and Protecting Information Jane Doe CGMT/400 March 9, 2015 John Doe Securing and Protecting Information As the most important asset within the organization it is necessary to provide measures that can effectively protect data from loss and unauthorized intrusions. Information security involves authenticating users with a high level of protocol and promoting accountability within the information infrastructure. This approach may involve use of the organization assets, identification, authentication, authorization and the use of third party security systems or devices to protect data from unauthorized access. Security Authentication Process The security authentication process is the first step in information security and assurance. This process involves “binding a specific ID to a specific computer connection” (University of Phoenix, 2011) in order to authenticate access to the information system. During this process the user provides a user ID and password to the computer system or remote server to verify his or her identity. Authentication is accomplished when the system or server matches the user ID to a specific password and grants the user remote access to system resources. Identification The identification process is an access control element designed to match a user to a specific process. The identification process is performed the first time a user ID is issued to a specific user. User IDs have unique values and can...
Words: 1903 - Pages: 8
...Network Hardening Client side attacks are attacks that target vulnerabilities in client applications that interact with a malicious server or process malicious data. Here, the client initiates the connection that could result in an attack. If a client does not interact with a server, it is not at risk, because it doesn’t process any potentially harmful data sent from the server. Merely running an FTP client without connecting to an FTP server would not allow for a client-side attack to take place. Simply starting up an instant messaging application potentially exposes the client to such attacks, because clients are usually configured to automatically log into a remote server. With this client server diagram there is only one firewall posted between the internet and the web server. I would consider placing a firewall between the wireless and the switch. Modern firewalls have the capability to function as a router, opposing the need of additional device on the network. However, if you have a large number of hosts in the Demilitarized Zone DMZ, you may wish to consider a router with fundamental filtering rules; placing one on the network can reduce the load on the firewall itself. The network has only one mutual Internet connection; I would protect it by enabling Internet Connection Firewall. Internet Connection Firewall can only check the infrastructures that cross the Internet connection on which it is enabled. Because Internet Connection Firewall works on a per connection...
Words: 369 - Pages: 2
...WLAN, and the ramification if the WLAN is breached. Sebastian Bach Two ways to secure a WLAN, and the ramification if the WLAN is breached. There is an added vulnerability when securing a WLAN than there is with a LAN. The multitude of packets floating around going from one or more access points to a variety of electronic devices can be a tempting arena for those wanting to gain illicit access. There are several ways to increase the security level of a WLAN. The most basic of these would be a router with an integrated firewall. This is almost exclusively found in residential settings. Keeping to the same architecture, firewalls can be quite complex in their modus operandi. Where basic firewalls work on the first three or four layers of the OSI model, the more complex firewalls operate on all seven levels of the OSI model. Often times accompanying these higher end firewalls, there is what is known as a bastion. A bastion is located on the public side of the firewall and acts as bait for would be attackers. The thought behind a bastion is to get the would-be attackers to go there, thinking they have accessed the protected network. Bastions are completely unguarded to make this process easier. Another method of making a WLAN secure is to encrypt data that is on the network. If this is done, the users will authenticated, which will yet again further strengthen the WLAN. For this it is recommended to utilize either WPA or WPA 2 wireless encryption. In conjunction to...
Words: 504 - Pages: 3
...Technical Writing Project Coversheet Capstone Proposal Project Name: Securing the Universal Serial Bus Interface for the Enterprise Environment Student Name: Steve Wild _ Degree Program: Bachelor of Science in Information Technology – Security Emphasis _ Mentor Name: Yolanda DuPree____________________________________________________ Signature Block: Student’s Signature: _______________________________________________________ Mentor’s Signature: _______________________________________________________ Running head: SECURING THE USB INTERFACE 1 Securing the Universal Serial Bus Interface for the Enterprise Environment Steve Wild Western Governor’s University SECURING THE USB INTERFACE 2 Summary The USB interface is one vector of possible attack against a company and must be proactively defended against data theft, data loss, and corporate espionage in order for a company to maintain a secure enterprise environment, minimize downtime, and maximize productivity. Project Goals and Objectives There are several goals that will be accomplished during this project: explore the hardware problems, explore the software problems, explore the policy problems, and give real world examples. The objectives are: provide example...
Words: 3010 - Pages: 13
...year. What can be done to prevent the release of potentially sensitive information? There are several precautions that can make a big difference when it comes to security breaches. Three of the most important are keeping software up-to-date, securing your network and properly training your employees. Keep Software Up-to-date Earlier this year, thousands of Oregonians who used state websites to pay child support, file unemployment claims and renew their vehicle registration were left vulnerable to attackers who could intercept Social Security numbers and other sensitive information. This vulnerability was due to the use of outdated encryption protocols on the state of Oregon’s websites. One of the easiest ways to avoid security breaches is simply to keep all software and systems up-to-date. Using outdated encryption, last year’s virus protection software or an operating system from 1998 is a recipe for disaster. Secure Your Network During late 2014, the State Department revealed that hackers had breached its unclassified email system. While the government claims that no sensitive information was lost, we have to wonder: why wasn’t this “unclassified” network encrypted with the same strength as its other networks? Securing networks by password protecting them and encrypting them is another easy way to avoid data breaches. Hackers are far more likely to take advantage of “low hanging fruit” than...
Words: 524 - Pages: 3
...PARTNER SOLUTION NOTE Monitor critical IT environments with a rack mounted network camera. Physically securing your business is just as important as virtually securing the information it holds. Network video cameras allow you to monitor physical access to critical IT environments, where strict data compliances apply. These controls can help identify individuals that physically access areas storing critical organizational and customer data, should an incident occur. Using high-quality network video to record individual access will ensure proactive protection of your network infrastructure, giving you the ability to see who accessed your servers and switches. Record and archive video to look back after an event has occurred or in real-time. > Protect valuable assets and customer information > Easy and flexible installation > Data privacy compliance IT Environment monitoring Monitor network hardware and search through video at an exact time period to determine when equipment was accessed for service, maintenance or malicious intent. It also easily integrates with access control devices for additional protection. Axis’ Corridor Format allows you to get a vertically oriented, “portrait”-shaped video stream from the camera. The video is adapted perfectly to the monitored area, maximizing image quality while eliminating bandwidth and storage waste. CommScope’s camera panel kit fits into any standard racking architecture such as wall hanging or free standing...
Words: 705 - Pages: 3
...router settings and deny internet service to the company. There is a very low likelihood that the router will be taken over by an unauthorized user. This is also a vulnerability in terms of access control, with no access to an ISP controlled router, Quality Web Design can not secure this router to limit unauthorized access. An edge router should have specific items addressed to ensure that it has as little vulnerability as possible. Here are a few points to consider when securing a router: • Make sure that the OS is patched and as up to date as possible • Protocols o use ingress and egress filtering o Screen ICMP traffic from the internal network • Disable unused ports, and services • Utilize strong passwords • Audit Internet facing administration links • Use static routing to limit an attackers ability to edit routes, and cause a DoS • Verify that auditing and logging are in place • Send router logs to a secure central location for storage and future review if necessary ("Securing your network") Impact on Business Process Were the...
Words: 718 - Pages: 3
...Securing Windows and Unix/Linux Servers Floyd E. Street DeVry University Securing Windows and Unix/Linux Servers With the constant threat of internet hackers on the rise, Companies must pay close attention to secure their computer networks from would be intruders. In order to maintain the highest level of security within the os servers you must first have knowledge of the vulnerabilities of the running operating system. It is those vulnerabilities in the system that the intruders will be searching your network for. The known shortcomings and vulnerabilities of Windows and Unix/Linux servers have dysfunctions that can be exploited to gain access to a company’s private information. This information in the wrong hands could cost an organization millions of dollars in security damages. One of the ways to prevent this type security breech is to make sure that your Windows and Unix/Linux servers has the right up dated patches for these operating systems. According to, (Conklin, W. A.2009) “One of the most effective measures security professionals can take to address attacks on their computer systems and networks is to ensure that all software is up-to-date in terms of vendor-released patches. Many of the outbreaks of viruses and worms would have been much less severe if everybody had applied security updates and patches when they were released.” Ignoring the update prompts on your system is not a wise thing to do. New vulnerabilities in operating...
Words: 471 - Pages: 2
