Network Security Proposal

Network Security Proposal

1. Securing Boundary Devices, Hosts, and Software

1. Physical Security

Requirements

Ensuring security at the university servers is an essential factor in ensuring physical safety. All IT offices and server rooms should be kept closed due to their proximity to the classrooms.

Proposed Solution

Implementing a multi-layered defense architecture will be the best solution for the current situation. Ensuring access time for non-authorized personnel such as the students and other students should be set. Any individual accessing this sensitive area should be monitored by a responsible manning individual [1]. This will ensure accountability and raise security concerns. To ensure safety locks for the various offices, it will be recommended for HID proxpro provided by HID global.

Justification

By limiting entry hours, only personals with valid permissions will be authorized. By using locks such as HID proxpro, the organization will incur limited cost due to their low power consumption nature and reliability.

1. Mobile Device Security

Requirements

Creating inventory control and tracking devices for mobile devices will be an essential requirement [2]. This is because device theft and using devices to penetrate the network can cause a significant threat to the system.

Proposed Solution

The university will need to implement a security guideline for mobile device users. Setting up roles to ensure accountability on mobile device use will provide all mobile devices users have risk awareness. All mobile device users will be required to comply with the use of copy policy by signing [3]. Since the tools are subject to theft, the use of inventory control and device tracking will allow easy tracing and remote wipe in case of device theft. Another security measure will be the use of PIN and Access card for device access.

Justification

Using risk management techniques such as the use of cards, and Use Acceptance policy, the employees and personnel using mobile devices will demonstrate awareness to use and respond to the user devices. Measures such as inventory control will be used as a determinant factor towards any step taken towards a given device.

1. Perimeter Defenses

Requirements

To secure the whole network architecture, the university will implement open Systems Interconnection security features. The several layers within the OSI model include the physical, data-link, network layer, transport, session, presentation, and application arranged from the hardware bottom layer to the user layer [4].

Proposed Solution

The use of a firewall will be the necessary step in ensuring the system defense. Various network security implementations such as the De-militarized zone and Cisco ASA ebbed with FirePOWER capability will provide the best firewall security protection for the network layer [5].

Justification

Setting up a firewall will prevent the entry of any potentially malicious content providing network layer protection. Use of DMZ will add additional protection features by segmenting the network into layers hence giving the administrators the ability to choose servers to be authorized and the ones to be secured.

1. Network Defense Devices

Requirements

The managing network has become a very vital activity to be concerned about. This is so because of the number of personnel being able to access a system that has been on the increase [6].

Proposed Solution

To curb the problem posted due to enabling even guests and partners being able to access the institution’s network, devices such as routers and switches can be employed. They assist in coming up with an intrusion detection system as they work with both IP and mac addresses of devices in a network.

Justification

Since these network defense devices assist in coming up with an intrusion detection system, the system can use various sources to figure out attacks and be able to analyze and monitor the entire system.

1. Host Defense

Requirements

Malware is defined as a file that can cause harm to a computer [7]. The files can steal, encrypt, delete, or inject sensitive data to the network. They can also be used to hijack critical computer functions. Due to this, it is essential to defend a computer system; host from these attacks.

Proposed Solution

A group policy object should be used to define how a system will behave for a defined group of users. The GPO will entitle that strict rules are applied to monitor user access to computers, enforce password policy, and make sure firewall settings are on [8].

Justification

By employing the GPO, all personnel is entitled to strict rules such as having a periodic change of passwords. This, in turn, will subject a system to being tight of intrusion, and it will make it hard for an attacker to have access to the network through any staff or employee.

References

[1] HID Global, “HID ProxPro with keypad 5355,” HID Global. https://www.hidglobal.com/products/readers/hid-proximity/5355-keypad

[2] T. Sieber, “10+ Useful Excel Templates for Project Management & Tracking,” Makeuseof.com, 14 December 2016. http://www.makeuseof.com/tag/excel-project-management-tracking-templates/.

[3] Advanced Card Systems Holdings Limited, “ACR39U Smart Card Reader,” Advanced Card Systems Holdings Limitedhttp://www.acs.com.hk/en/products/302/acr39u-smart-card-reader/

[4] S. Northcutt, L. Zeltser, S. Winters, K. Kent and R. Ritchey, Inside Network Perimeter Security, Sams, 2005.

[5] Cisco, “Cisco ASA with FirePOWER Services 5506H-X,” Cisco, 2015. http://www.cisco.com/c/dam/en/us/products/collateral/security/asa-firepower-services/at-a-glance-c45-734331.pdf.

[6] S. Pereira-Beardsley, “The Importance of Security in Switches,” Cisco, 6 December 2011. https://blogs.cisco.com/smallbusiness/the-importance-of-security-in-switches

[7] TechTarget, “Malware,” TechTarget, November 2016. http://searchsecurity.techtarget.com/definition/malware.

[8] TechTarget, “Group Policy Object (GPO),” TechTarget, October 2008. http://searchwindowsserver.techtarget.com/definition/Group-Policy-Object.