Layered Security Strategy for Ip Network Infrastructure

In: Computers and Technology

Submitted By lilmo037
Words 475
Pages 2
Week 4 Lab - Assessment Worksheet
Design a Layered Security Strategy for an IP Network Infrastructure

Lab Assessment Questions & Answers

1. Explain why a layered security strategy helps mitigate risk and threats both external and internal.

Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network.

2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access?

When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers. The inner most firewall blocks access into the intranet while allowing internal users to access the information on the servers.

3. What recommendations do you have for the future e-commerce server and deployment in regards to physical location and back-end security for privacy data and credit card data?

I would place the e-commerce server in the DMZ with the private and credit card data stored inside the internal network. The commerce server will have access to the private data and will pass it in an encrypted form to and from wherever it needs to go. The e-commerce server will be physically secured in the server room, possibly with an added locked server cabinet.

4. What recommendations do you have to secure the server farm from unauthorized access?

I would lock the servers…...

Similar Documents

Small Network Infrastructure

...Case Project 1-2 To accommodate a small network, not much equipment is required. A switch and enough Cat5 cable to connect each Workstation should do the trick. Since there are only 6 Workstation’s on this network it will take very little time to setup each one and train the employees on how to share resources. I would create power user accounts on each Workstation and join them to the same Workgroup and activate print and file share services. I would show each employee how to login to their Workstation and how to create their own password. Next I would show them how to find the shared or public folder and how they can move or copy files to and from this folder. I would also show them how to create and name their own folder within the shared folder so others can easily find the information they would need from them. I would let them know that as long as they don’t move files into this folder, the only way anyone can access their information is if they give out their user name and password. Case Project 1-3 This job should be relatively easy too. To setup a LAN on the new floor a couple of routers, a Workstation to use as a server and enough Cat5 cable to connect each Workstation. Since the new office is in the same building but on a different floor I would run a line to connect one of the routers from each floor. Once everything is in place I would configure the routers, the new server and the new workstations so communication and data transfer is possible......

Words: 280 - Pages: 2

Multi Layered Security Plan

...Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s internet/network and make notes...

Words: 518 - Pages: 3

Network Security

...FLORIDA INSTITUTE OF TECHNOLOGY Proactive vs. Reactive Network Security Making Your Network Unassailable A SHORT PAPER ASSIGNMENT THREE SUBMITTED TO: IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR CYB 5275: ENTERPRISE INFORMATION SECURITY BY CRAIG CANNON MELBOURNE, FLORIDA FEBRUARY 1ST 2013 Information Systems security has never been more critical around the world than it is today. Demand for new improved services has become intense causing enterprises to reinvent their infrastructures by erasing traditional network boundaries. The cyber security threat lurking outside those boundaries is causing security analyst to rethink their views on network security. As the BYOD (bring your own devices) and cloud computing trend becomes more commonplace, security by exclusion by attempting to maintain hard perimeters is no longer a viable option. As the number of network devices continues to increase, the number of vulnerabilities also increases as well. As more and more organizations continue to be overwhelmed by cyber attacks it will become evident that the current strategy of responding to attacks no longer works. To be affective analyst will have to change their strategy from a reactive to a proactive state. References Baker, SA and Dunlap, CJ Jr, (1 May 2012) ‘What is the Role of Lawyers in Cyberwarfare?’ http://www.abajournal.com...

Words: 394 - Pages: 2

Layered Security Strategy for Ip Network Infrastructure

...Week 4 Lab - Assessment Worksheet Design a Layered Security Strategy for an IP Network Infrastructure Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers. The inner most firewall blocks access into the intranet while allowing internal users to access the information on the servers. 3. What recommendations do you have for the future e-commerce server and deployment in regards to physical location and back-end security for privacy data and credit card data? I would place the e-commerce server in the DMZ with the private and credit card data...

Words: 475 - Pages: 2

Multi-Layered Security

...Multi Layered Security Plan Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s......

Words: 302 - Pages: 2

Multi-Layered Security Plan

... implement a workstation logon for the user to authenticate the user for the security control of this domain. Users will be authenticated in the system by defining its credentials and roles to the system in order to gain permission and access to the IT infrastructure (Tipton and Henry, 2007). LAN Domain This is the domain where all the computers, printers, and servers connect to each other physically through wire or wireless connection. It is the logical or physical connection of the IT infrastructure. Logical connection is defined in IT infrastructure that System Administrator setup the user and managed the access control of all users by defining its credentials and roles. It is necessary to have a security policy in LAN domain to define the access level of users. In physical connection, this is the connection where are the cables, server and switch are located. Security policy is also necessary to this connection that the destruction or any threats to this connection may be compromised or interrupted. Unlike in the logical connection, only an authorize personnel or user can have a physical access to this server or any wiring closet to ensure the CIA triad of the IT infrastructure. LAN-to-WAN Domain This is the domain where the IT infrastructure connects from LAN to Wide Area Network (WAN) where all Information System would be available to the public. Security policy for this domain is necessary in order for the information asset of the organization will not be...

Words: 889 - Pages: 4

Multi-Layered Security Plan

...Earlier today, I was instructed to create a general purpose outline for our company’s multi-layered security plan. There are seven (7) domains in a typical IT infrastructure: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and System/Application Domain. Each domain has their own unique risks, threats, and vulnerabilities that need to be mitigated in order to ensure our company’s security. In the User Domain the first thing that should be done is create an acceptable use policy (AUP). An AUP defines what users are allowed to do with organization-owned IT assets. Violation of the terms defined in the AUP can be grounds for dismissal. We will require staff and other 3rd parties to sign a confidentiality agreement to keep private data confidential. In addition to signing a confidentiality agreement, some positions may require criminal background checks to help ensure security. Here at Richman Investments we need to conduct security awareness training, insert reminders in banner greetings, and send email reminders to employees with security related tips. Disabling internal CD drives and USB ports will help keep employees from accessing personal photos, music, and videos at work. Also enabling automatic virus scans for email attachments and all new files that reach the workstation. The Workstation Domain is where most users connect to the IT infrastructure. A Workstation can include a computer, smartphone or any other device...

Words: 807 - Pages: 4

Network Infrastructure Security

...Network Infrastructure Security Robert Collazo Rasmussen College Network Infrastructure Security The first thing that I will be covering is the virtual private network in windows 7. A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. The VPN connection across the Internet is technically a wide area network (WAN) link between the sites but appears to the user as a private network link—hence the name "virtual private network”. The following authentication protocols are supported for logon security for VPN connections in Windows 7: * PAP Stands for Password Authentication Protocol; uses plaintext (unencrypted) passwords. * CHAP Stands for Challenge Handshake Authentication Protocol; uses one-way MD5 hashing with challenge-response authentication. * MSCHAPv2 Stands for Microsoft Challenge Handshake Authentication Protocol version 2; an extension by Microsoft of the CHAP authentication protocol that provides mutual authentication of Windows-based computers and stronger data encryption. MSCHAPv2 is an enhancement of the earlier MS...

Words: 683 - Pages: 3

Nt2580 Project 1 Multi Layered Security Plan

...Nt2580 Project 1 Multi Layered Security Plan Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices. When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. Project Part 1 Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies b...

Words: 489 - Pages: 2

Network Security

...108 Lab #8 | Design a Layered Security Strategy for an IP Network Infrastructure Lab #8 – aSSESSmENT WORkSHEET Design a Layered Security Strategy for an IP Network Infrastructure Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you designed a layered security strategy, similar to the seven domains of a typical IT infrastructure, for the Cisco Mock IT infrastructure shown in Figure 8.2. You based your design on a set of functional and technical requirements. You also provided a written functional overview and description of how your security strategy meets the defined requirements. Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? Assessment Worksheet 3. What recommendations do you have for the future e-commerce server and deployment in regard to 109 physical location and backend security for privacy data and credit card data? 4. What recommendations do you have to secure the server farm from unauthorized access? 5. If the organization implemented wireless LAN (WLAN) technology, what would you recommend regarding the use of VPNs or encryption within the internal network when accessing the server farm? 6. What is the purpose of a proxy server on a DMZ? 7. What is the purpose of an......

Words: 314 - Pages: 2

Network Security

...Case Study: Network Security Computer networks of every company have the potential to be exposed to dangers that have the potential to do great harm. Individuals could gain access to Windows and Unix/Linux servers to exploit the company’s vulnerabilities. Computer networks are not only vulnerable to outsiders, but employees also have the opportunity to compromise the system. An unprotected network would open the door for malicious activity that could damage the company’s system, compromise company and customer information, and cost a great amount of precious time and money. A breach in the network could have a negative impact on finances, privacy, and information. Securing the Windows and Unix/Linux servers within a company from shortcomings and vulnerabilities to potential threats by both outsiders and insiders is an absolute necessity. This is achieved by using technical measures and enforcing security policies. One reason it is important to secure the servers is potential of the insider threat. With 1,500 employees, the chance of an attack from the inside is elevated. The threat could come in the form of a disgruntled employee, by someone looking for gain, or by someone who unknowingly compromises the system. Conklin and White (2010) stated the following: One of the hardest threats that security professionals will have to address is that of the insider. Since employees already have access to the organization and its assets, additional mechanisms need to be in place to...

Words: 647 - Pages: 3

Multi-Layered Security Outline Plan

.... Implementation of second-level identification authorization testing procedures for sensitive applications, data and systems LAN TO WAN DOMAIN Risk Threats and Vulnerabilities Security measures and controls Unauthorized Network probing and port scanning. Unauthorized access through the LAN-WAN domain. IP router firewall and Network applications, operating systems, software, configuration errors and weakness. Conduct strict security monitoring controls for Intrusion deception solutions, distributed denial-of-service prevention & Protection. Disabling ping and port scanning on all exterior IP devices within LAN to WAN domain. Automatic updating devices with approved security fixes and patches. Post configuration penetration test of layered security solutions with this domain. WAN DOMAIN Risk Threats and Vulnerabilities Security measures and controls Hackers, Attackers and perpetrators email Trojans, Worms and malicious software freely. Vulnerable to corruption of Information and data. Maximizing WAN performance availability. Encrypt IP data transmissions with VPN’s. Backup and store data in off -site data vaults (online or physical data back) with test recovery procedures. Install antivirus, anti-Trojan and anti malware software. Scanning of all email attachments for type. Obtain Service Availability (SLA’s). Deployment of Redundant internet and WAN connections when 100% availability is required REMOTE ACCESS DOMAIN Risk Threats and...

Words: 751 - Pages: 4

Network Security

... administrator fails to learn about all the features and defaults of new equipment, the product cannot secure itself autonomously. Security requires training, research, careful planning, thoughtful implementation, and ongoing review and maintenance. This process is known as security management— and it takes work. The old expression was never more true than today: “Garbage in, garbage out.” What you put into network security is precisely what you will get out of it. So remember that a firewall can’t compensate for ineptitude or ignorance on the part of administrators. In the same vein, firewalls can’t compensate for poor security management. Proactive security management is essential for the success of any security endeavor. Security management is the process of reviewing, testing, tuning, and updating an organization’s security policies and security infrastructure. This is an ongoing effort that requires knowledge, research, and vigilance. The threats and risks facing an organization are constantly evolving to become more persistent and virulent. Your security strategy should be just as rigorous and purposeful in defense. Keeping up to date on the most current threats to and trends in network security is a big part of this job. Networking, conferencing, and reading the latest industry literature are ways to keep yourself and your security efforts sharp. Keep in mind that a firewall is a focal point of security. It’s an embodiment—a physical representation—of your......

Words: 15367 - Pages: 62

It Infrastructure Security

... on how the VPN is configured, either the health of the user's computer will be ignored or the user will be denied access to the network. It is also common to configure NAP so that if a user's computer fails the various health checks, a VPN connection is established to an isolated network segment containing only the resources necessary to address the health problem (sometimes through automatic remediation). When this happens, some users may not understand what is going on and may assume that there is a problem with the VPN. 8. Try accessing various network resources If users can log in to the VPN but they can't do anything once they're connected, the next step is to systematically attempt to connect to various resources on the network. This is important because you may find that some network segments are accessible while others are not. For example, when a user connects to a VPN server, the computer is typically assigned an IP address by a DHCP server. However sometimes, there are situations in which the DHCP server could have been configured incorrectly, and users who were assigned addresses from one specific scope couldn't access remote network segments 9. Test connecting to resources by IP address rather than server name You can also try connecting to network resources by their IP address instead of by their name. If you can access previously inaccessible resources by using IP addresses, you can bet that a DNS problem is to blame. If that happens, you should......

Words: 1125 - Pages: 5

Network Infrastructure

...Anthony Nedelka Journal #2 9 September 2015 Technical goals for a company can include: * Scalability * How much growth is this network going to have to support? When planning for this, you want to make sure that the company is going to have room to grow, which may vary depending on the company. For example, Target is probably going to be a faster growing network than a local mom/pop shop. * Availability * How long your network is available to users. Basically: is your network and up and running all day, every day? * Network Performance * This includes categories that measure the throughput of data and how efficient your network actually is. (Optimum Utilization) * Security * Security design is one of the most important aspects of a network. Without proper security your network is vulnerable to online cyber attacks that can cripple and steal from your databases. * Manageability * This technical goal is going to vary based on company needs. Some customers are going to have more precise goals. The book talks about a company planning to record the number of bytes sent and received to each router. Other clients may have less specific goals than this, it just tends to vary based on company objectives. * Usability * Close to manageability, but different. Usability refers to people who are accessing and using the network you have setup. Your network needs to be easy to use for them (different from management...

Words: 381 - Pages: 2