1. Network Security 1
Errol Hewitt

2. 2
Table of Contents
Network Security (week 1)……………………………………………………………………………………………………2
PCF Organization………………………………………………………………………………………………………………….3
Provide an overview of the existing network architecture, including the following: Network.4
 Topology……………………………………………………………………………………………………………………5
 Protocols allowed………………………………………………………………………………………………………6
 Connectivity methods………………………………………………………………………………………………..7
 Network equipment…………………………………………………………………………………………………..8
 Number of routers, switches, and other network equipments such as VPN,……………….9
 Concentrators, proxies etc………………………………………………………………………………………….9
A summary of the current security devices in use on the network……………………………………….10
List the type of device, the vendor, and provide description on how the device is used. ……..11
Risk Analysis of the Network (week 2)…………………………………………………………………………………12
Conduct an inventory of devices within PCF’S network using appropriate tools…………………..13
Provide a summary of the number of desktops, laptops, networkprinters, and servers………14
Identify key assets i.e. sensitive information that needs special protection…………………………15
Prioritize each asset or group of assets and assign a value to each………………………………………16
Create a subsection that will identify and describe the risks within the environment………….17
Natural disasters with possible chance that it could occur…………………………………………………..18
Provide a list of the tools and methodology that you used to conduct the risk assessment…19
Threats (week 3)…………………………………………………………………………………………………………………20

3. Identify and select appropriate technologies to protect against the risks that were identified,
and provide an explanation as to why the technology was chosen………………………………………21
Describe where you plan to place these technologies within the networkand why…………….22
Identify additional software that will be required to monitor the network and protect key
assets…………………………………………………………………………………………………………………………………..23
Identify any security controls that need to be implemented to assist in mitigating risks………24
Mitigate all of the risks that were identified during the assessment…………………………………….25
Network security policy (week 4)…………………………………………………………………………………………26
Identify what written policies need to be created for your organization………………………………27
For each policy, you will address how you plan to monitor the policy………………………………….28
For each policy, you will provide what you feel the appropriate punishment should be for
violators. These punishment must be able to be enforceable, not just a threat…………………..29
For each policy, you will identify a timetable for when each policy should be reviewed and
updated and who will do the review…………………………………………………………………………………..30
Identify the process of how your organization will identify an incident………………………………31
Identify the process for classifying the incident. What are the criteria for each classification
within the organization?......................................................................................................32
Identify what the response will be for each classification identified……………………………………33
Identify a general plan to recover from the incident……………………………………………………………34
Identify a process for evaluating the incident response plan after each incident has been
mitigated…………………………………………………………………………………………………………………………..35
Discuss how the incident response plan will be tested and updated………………………………….36
The security plan (week5)………………………………………………………………………………………………….37
Develop a plan to implement the security controls and policies that you identified in previous
sections……………………………………………………………………………………………………………………………..38
Develop a plan to implement new security devices that are required to monitor the network
and the policies that were created or updated…………………………………………………………………..40

4. Describe how these controls, policies, and security devices have addressed the key security
areas of confidentiality, integrity, authorization, and non-repudiation cryptographic
services…………………………………………………………………………………………………………………………….41

5. 4
PCF Organization
PCF is an accounting firm that handles small and large corporation financial accounts.
The business includes accounts payables and receivables, auditing, financial analysis, and
legal mitigation documents. The firm expanded over the years nationally, and internationally.
It employs over three thousands employees, which include some workers who work off site
offices in other locations. The headquarters is in Albany New York. PCF is staffed with people
who have different levels of expertise, from CFO, CPA, IT, and lawyers. The employees who
are offsite, interact 24/7 with the IT personnel and other specialist in the networksystem. As
a result, of constant flow of information from PCF to clients of various corporations by way of
the internet, it has become necessary to have policies, and a sound architectural
infrastructure that will safe guard against any kind of internet vulnerabilities.
The organization installed over six thousand mainframe desktop which includes: Hewlett
Packard, and IBM initially, then over time Dell, and Microsoft were added to the network.
The operating system includes: Open Source, UNIX, and Windows. These systems are still
used in the organization. Initially the design of the existing network architecture was very
secure and over the years very little problems. However, as technology and the flow of
information become complex, there is more demand for better written codes and upgrade of
the network.

6. 5
PCF Network
The network is essentially data that is constantly passing from one network system to
another. Data is transferred in the form of packets which is to prevent too much data flowing
all at once. The network connections between nodes are established to use either cable or
wireless media. Devices are said to be networked together when one device is able to
exchange information with the otherdevice, whether or not they have a direct connection to
each other.
NetworkSystems
The network includes the physical media used to transmit datasignals, the
communication protocols to organize network traffic, networksize, topology, and the
organization intent.

7. 6
Topology
PCF local area network design is one that is efficient and profitable to meet the
standard of the organization. It is peer – to – peer network which consists of thirty personal
computers and printers with interface card. PCF has several locations in Albany New York, but
share the same network. Every computer on the peer – to – peer network is equal; that is, no
one computer is in charge of the other computers. Because peer – to – peer network is simple
and inexpensive to setup, the organization installed the system.
Local area Network

8. 7
Wide areanetwork
Wide area network (WANs) has become an efficient way to do business with many clients
who operate internationally. As a result, PCF has established a network that is cost effective
to handle international matters.
WANs

9. 8
Protocols allowed
The communication that people have among themselves can vary but is still understood
most of the time. However, when communicating with a computer, the language has to be
correct. PCF expects proper communication within the system. The protocols that are used in
the organization are:
 TransmissionControl andInternetProtocols (TCP/IP) –theyare differentproceduresbut
are linkedtogetherinthe system.The linkingof protocols cancomplementone another
inorder to carry out some specifictask,andespeciallywhenthere are severallayersof
operations.Informationthatissentover the internet,isgenerallybrokenupintosmaller
piecesor“packets”.Thisfacilitatesspeedytransmissionsince differentpartsof a
message canbe sentbyroutesand thenreassembledatthe destination. Itishelpsto
minimize the lossof informationin transmissionprocess.
 User Datagram Protocol (UDP) – Itis usedtogetherwithInternetProtocol whensmall
amountsof informationare involved.
 Simple Mail TransferProtocols(SMPT) –is the most commonprotocol forsendingmail.
Whenconfiguring email clients,aninternetaddressforan(SMTP) servermustbe
entered.
 Interactive Mail AccessProtocol - (IMAP) allowsforthe readingof individual mailboxes
at a single accountandisoftenfoundinthe businesscircle.
 HypertextTransferProtocols - (HTML) it providestransmissioninanencryptedformto
provide securityforsecuritysensitive data.A webpage usesthe protocol http at the
front of its URL.
 File TransferProtocol (FTP) Itcopies filesoveranetworkfromone computertoanother
as well asprovidesforsome simple filemanagementonthe contentsof a remote
computer.
PCF will install these protocols because of the language that has been established by
international agreement and ensure that computers everywhere can talk to one another.

10. 9
Connectivity methods
In the past the only way to communicate is by using a device, primarily a phone that has
a cord. Today, many of us use cordless or wireless products to communicate with one
another. The way we connect with one another can be:
 Wireless – this connection is with a wireless router or network. The use of wireless
methods to connect hotspots has increased largely I recent period. The hotspot allows
you to connect to an available wireless network providing one has the relevant login
information to a hotspot account.
 Broadband – is applied if a computer is connected to a broadband modern (DSL). It
requires login information such as users name and password. The information is
provided by the ISP.
 USB Tethering – consists of using the 3G internet connection from a suitable enabled
mobile phone and sharing it with the computer it is connected to USB. The UBS allows
data to flow from the mobile phone to the computer. It is found on android operating
system mobile phones alongside few previous phones.
 Bluetooth – allows the transfer to data between twoBluetooth enabled devices.
Connectivity methods

11. 10
Networkequipment
The equipments that are use in the organization are crucial to the business. Nearly
everyone who uses a computer has lost data at some point or the other. It is necessary that
PCF invest in reliable network equipments. Some equipments that are essential for the life of
the organization are:
 Netware – which has a long transaction tracking system (TTS). To protect files and
databases in case of an unexpected system crash or power, it is necessary to have this
equipment.
 Uninterruptible powersupply (UPS) is the best fault – tolerance method toprevent
power problems causing data loss and component damage. This device is built into
electrical equipment or a separate device that provides immediate battery power to
equipment during a power failure.
 UPS in Windows 2000/x2003 – The interconnection with UPS and Windows show they
provide service for the organization. The relationship shows (1) how to send out
notifications of a power failure (2) when to sound a critical alarm that the UPS is
nearly out of power (3) the ability to run a program just before the UPS is out of
power (4) whether to shut down the computer and UPS just before the UPS is out of
Power.
 NetWare 6.x - communicates through a serial port connection and AIOCOMX and
UPS. When UPS_AIO are one can configure values as (1), how long to allow the
computer to run on the UPS before NetWare shuts down, (2)when to send a shut
down warning message to users,(3)the port to which the UPS is attached, and the type
of signal sent from UPS.
Server

12. 11
Routers, Switches, VPN, Concentrators and Proxies
The routers are essentially uses to connect different network segments together. They
operate at the network layer of the operating system internet (OSI) model using the network
address (IP) to route traffic and using routing protocols to determine optimal routing paths
across a network. There are two advantages of using routers in the network:
 They don’t forward broadcasts by default.
 They can filterthe network basedon layer 3 (networklayer) (e.g.,IP address.
Four router functionsin the network can be listedas follows:
 Packet switching
 Packet filtering
 Internetworkcommunication
 Path selection
Routers are really switches, they are called layer 3 switches, they use logical addressing
and provide what is called packet switching. The main purpose of a switch is to make a local
area network function better, optimize its performance, and provide more bandwidth for
(LAN’s users).Switches don’t forward packets to others network as routers do, they “switch”
frames from one port to anotherwithin the switched network.
Virtual private Network(VPN)–is the connection between twoor more computers or
devices that are not on the same private network. To ensure that the proper users and data
session cross to a VPN device, data encapsulation and encryption are used.
Concentrators – Main function is to concentrate on the networksegment connections
together in one place. They also have some built in intelligence that enables them to monitor
its ports. This prevents a port from disabling the entire network segment.
Proxies such as firewalls and other forms of IDS/IPS are devices that are used to protect
the network from outside intruders.

13. 12
A summary of the current security devices use on the network
A network must be of high quality, and in order forit to be that way the infrastructure
has to be designed for that purpose. When an individual sits at his or her workstation they
are beginning to face many challenges which include the information that move to the
outside of the organization, and whois sending the information. Workstations are attractive
targets for crackers because they are numerous and can serve as entry points intothe
network and the data that is commonly the target of an attack. Some security devices that
PCF will use include:
 Antivirus products- which are able to detect hackers who ready tocompromise the
system.
 Switches- which is a layer 2 space that acts as a mesh where potentially the addition
of a new device can create loops in the existing device interconnection.
 Routers – which is a network traffic management device used to connect different
network segment together. They operate at the network (layer3) of the OSI model
by using the network address (IP) to route traffic, and using routing protocols to
determine optimal routing paths across a network.
Although security is a term is sometimes superficially, the following steps will increase
security immensely:
 Remove unnecessary protocols such as Telnets, NetBIOS, IPX.
 Remove unnecessary software.
 Remove modems unless needed and authorized.
 Remove all shares that are not necessary.
 Disable unnecessary user accounts, ports and services
 If no corporate firewall exists between the machine and the interne, install one.
 Keep the operating system (OP) patched and updated.

14. 13
List the type ofdevice, the vendor, and provide descriptionon how the
device is used.
There is a list of device and vendors recommendations that PCF use in the organization.
Many of them can be upgraded because of more advance technology. The organization is
concern that sensitive information could be compromised at anytime. Some devices with
protection capabilities are:
 Intrusion Detection Systems (IDS)- which detects an attackand alerts or makes an
alarm to IT personnel.
 Intrusion Protection System (IPS)- this device takes action to modify the environment,
stop the attack and reduce its effects.
 Proxy Server-use to filter out undesirable traffic, and prevent employees from
accessing potentially hostile website.
 Anonymous Proxy- use to track cookies and other mechanism. It is designed to hide
information about the requesting system and make a user’s web browsing experience
anonymous information.
 Caching Proxy-it keeps local copies of popularclients request and is often used in large
organization to reduce bandwidth usage.
 Content Filtering Proxy- examining each client request and compare it to an
established acceptable use.
 Honey pot- a device that looks, observes, and records information.
Vendors are of high priority to PFC. The equipment that are installed in the network
system will decide the level of success of the organization. For one to decide on the type
of vendor (s) the question will be how and why the device will be necessary.PCF will have
several vendors that can complement one another. However, the reasons that will allow
the purchasing department todecide on any vendor include the following:

15. 14
 Evaluate the technology and see if a purchase is necessary.
 Look at all the industries that offer products that the organization needs and
evaluate strengths and weakness
 Look for packages that will accomplish the goals of the organization
 The acquisition of large and midrange computers is fairly routine. If a firm has
an architecture in place, that architecture may dictate what new computeror
other equipment to buy.

16. 15
Conduct an inventory of devices within the PCF’S networkusing
appropriate tools.
The use of network tools are generally useful for many individuals and businesses. They
can be used for computer and wireless network. There are different types of tools that are
appropriately used at any given time. Some tools are used for network, management,
network security, network backup, and networkmonitoring.
Many of the tools overlap in their functions i.e. a complete set of network management
tools includes security backup tools and monitoring tools. These tools are often helpful in
monitoring the performance of a network, such as connections, server uptimes and
downtimes. They are helpful in analyzing and reporting the activities going on in the network.
This set of tools includes a user interface that allows management of one’s network remotely
via the internet, a desktop client from another computer, or from a mobile device.
PCF uses a number of devices that usually require appropriate tools whenever repairs,
replace or upgrades are needed. Some of the devices that are used include: servers, routers,
modems, computers, firewalls, switches, hubs, and printers. The organization uses the “Web
Server” because of the service that it offers. This web server allows someone to connect to
the internet with a unique internet protocoladdress assigned by the internet service provider
(ISP).The address identifies the computer’s location on the network. PCF chose the web
server because of the consistent records of an uptime of 99.5% reliability.
The DSL router that is used throughout the system is a high speed internet service that
competes with cable internet to provide online access to local customers. It operates over
copper telephone lines like dial-up service, but is many times faster than dial-up. It does not
tie up the telephone line.
The switches are the Cisco Meraki MX which makes it easy to deploy high quality
infrastructure to large numbers of distributed sites. MX is cloud managed therefore
installation and remote management is simple. The MX has a comprehensive suite of
network services eliminating the need for multiple appliances. HP laser-jet pro multifunction
printer is used because of its reliability.

17. 16
Provide a summary of the number of desktops, laptops, network
Printers, Server.
The desktops that are used range from Hewlett Packer, Dell, Microsoft, and Apple. These
desktops are used because they allow one to organize applications on up to othervirtual
desktops. It’s a way to read your email on one, browse the web on the second, and do work
in ones productivity software on the third, without cluster of the windows that are not being
used. There are over four thousand desktops that are used in the organization.
The laptops are the cordless Hewlett Packer, Apple, and Dell that are used in the
organization because of their mobile capabilities. They are readily available and efficient,
which make them more productive and efficient at all times. All employees must see to it
that they are properly secure when they are not in use. Employees who conduct sales and
accounting activities use laptops.
The HP laser Jet Pro multifunction printers are used because they are reliable and easy to
use. The organization installed this brand of printer on the basis of good quality delivery.
These multifunction laser printers deliver professional quality and offer the core workflow,
wireless networking, and mobility features that are ideal for small and large business.
The windows servers that are used provides: (1) core protocols for networkconnectivity
between computers and otherTransmission ControlProtocol/ Internet Protocol (TCP/IP)
compatible . (2) automatic IP addressing with Dynamic Host Configuration Protocol(DHCP).
(3) name resolution services, such as Domain Name System (DNS) and WINS. Both
(DNS/WINS) allow users, computer, applications and services to find the IP address of
computer devices on the network using the networkbasic input/output system (NetBIOS).

18. 17
Identify key assets i.e. sensitive informationthat needs special
protection.
PFC is always concern with the protection of its assets and the way it will be protected.
There are three subcategories that IT looks for when in the protection of its assets:
Infrastructure, Human Resources, and Data.
Infrastructure has to be securely design to inhibit the entry of any hacker attack. A hacker
is constantly probing the network to see who is there watching, and if possible to map the
network system for future malicious attack. Hackers can be persistent when looking for
vulnerabilities, this can be done from scanning systems for open ports, using commands such
as ping and trace-route. It is therefore important that Information Technology personnel
remain vigilant at all times to intercept intruders.
Data is the most important asset in the organization. There are sensitive information that
are supposed to be protected. The software that store these information have to be well
written and properly secure. Cyber intruders main concern is to invade the system for a
number of reason (1) to comprise the system,(2) crash the system, or(3) take sensitive
information entirely from the organization.
Human resource is always important in an organization. However, policies have to be
upheld in order to maintain a viable organization. Employees who are not authorized to
handle sensitive information must be forbidden todo so, only Public Relations personnel
must answer questions pertaining to the organization. Employees are responsible for logging
off his/her monitors at all times.
These three areas of the organization are important in the securing of the company’s
assets.

19. 18
Prioritize eachasset or groupof assets and assigna value to each.
The organization depends primarily on the data that is used throughout the network.
Without the data the organization will not function. However, in the eyes of Information
Technology (IT) personnel, anything of value,a useful valuable or thing, an advantage or
resource. These qualities would include data, the systems that the data is contained on or the
infrastructure that connects such systems. There is a symbiotic relationship among the data,
infrastructure, and human resource. They all work together to coordinate the activities of the
organization i.e. one can’t do without the other.
Most top level executives today are starting tosee that all three pieces of this IT
paradigm make up the whole, data, infrastructure, and the people who run them. If one
doesn’t consider these three relationships or assets, then it is to not understand the full
function of the organization. The times that PCF would have problems with its operation, was
due to improper evaluation and misjudgment of its system.

20. 19
Create a subsectionthat will identify and describe the risks withinthe
environment including natural disasters.
Some of the risks that are expected in the operation organization can be identified as
follows: Root Cause, Downstream Effect, and Natural Disasters.
Root Cause – This is people or even if a group’s processes and technology are flawless,
human actions (whether accidental ordeliberate) can put the business at risk.
 Process- Flawed or badly documented processes can put the business at risk even if
they are perfectly followed.
 Technology-The Information Technology staff may precisely follow a perfectly
designed process, yet fail to meet business goals because of problems with the
hardware or the software.
 Downstream Effect-The infrastructure can work properly but at too high a cost causing
too little return on investment (ROI).
 Performance-The infrastructure can fail to meet users’ expectations, either because
the expectations were unrealistic, or because the infrastructure performs in correctly.
The reliability of the system can also affect the user’s perception of the service’s
performance.
 The infrastructure can fail to provide the platform of the components needed for end-
to-end services to function properly or even function at all.
 Security- The infrastructure can harm the business by not providing enough protection
for data and resources or by enforcing so much security that legitimate users cannot
access data and resources.
 Natural Disasters- Some factors are beyond the IT group’s control but can still affect
the infrastructure in a way that harms the business. Natural events such as
earthquake, fire, flood, and hurricane will cause serious damage to the system.

21. 20
Provide a list of tools and methodology that you use to conduct the risk
assessment.
Human error is the most frequent factor that is associated with a system failing to meet
an organization potential. The type of input that is used by the organization is the
responsibility of the designers or architects. Any mistakes or flaws that are made during the
inception of the system infrastructure will possibly show up during some time of operation.
It is important that the people who are in charge of the system operations must be:
 Knowledgeable- Understand the organization’s objectives and how to execute them.
 Training- Every employee must have regular seminars for their area of expertise.
 Authorization- Employees who are authorized tohandle sensitive duties must be the
ones responsible for the organization’s properties.
 Feed Back- Get information from employees that will benefit the organization.
Return on investment can only be achieved when data, infrastructure, and human
resources are working together. This can occur when the heads of the organization have the
foresight: (1) to envision long term goals for the organization, (2) constantly upgrading the
system, (3) look for the latest ideas or technologies to protect the operation, (4) and avoid
hostile environments if possible.
Natural disasters are unavoidable, so it is important to establish mitigation plans at all
times. The first step is to identify possible hazards of concern and make preparation in
advance. The second step is to look at the cost that could occur and how to mitigate loss as
much as possible, and third is what precautions to take for future hazardous events.

22. 21
Identify and select appropriate technologies to protect against the risks
that were identified and provide an explanationas to why the
technology was chosen.
PCF’s confidentiality, and integrity rest solely on how clients assets will be cared for, so
over the years the IT personnel’s responsibility is to provide safe ways to protect the various
assets of the organization. Firewalls are used for enforcement in every area of the network.
Some of the firewalls that are used include:
 Stateful inspectionfirewalls- theykeepstrackof eachnetworkconnectionbetween
internal andexternal systemsusingastate table whichtracksthe state and contextof
each packetinthe conversationbyrecordingwhichstationsentwhatpacketandwhen.
Theycan expedite incomingpacketsthatare responsestointernal request.If athey
receive anincomingpacketthatitcannot match inits state,itreferstoits ACLto
determine whethertoallow the packettopass.
Firewall Protection
 Circuitgatewayfirewalls- theyoperate atthe transportlayer.Connectionsare authorized
basedon addresses.Theypreventdirect connectionsbetweenone networkandanother.
Theyaccomplishthisbycreatingtunnelsconnectingspecificprocessesor systemson
each side of the firewall andthenallowingonlyauthorizedtraffic,suchasa specifictype
of TCPconnectionforauthorized users,inthese tunnels.

23. 22
 MAC Layer Firewalls- theyare designedtooperate at the mediaaccesscontrol sub-layer
of the data linklayerof the OSInetworkmodel.Thisenablesthesefirewallstoconsider
the specifichostcomputer’sidentity,asrepresentedbyMACor networkinterface card
addressinitsfilteringdecisions.
 HybridFirewalls-theyinclude apacketfilteringfirewall thatissetupto screenall
acceptable requests,thenpassthe requesttoa proxyserver,whichinturnrequest
servicesfromawebserverdeepinside the organization’snetwork.
 Kernel proxy- itevaluatespacketsatmultiple layersof the protocol stackby checking
securityinthe kernel asdata ispassedup anddownthe stack.
Firewall
Network Operation
PCF chose to go with these technologies because of the high level of security that they
offer. In the past the organization had problems with poorly security measures, that were
due to weak software writing and limited tools available. Today the organization has capable,
and dependable firewalls installation tohandle security issues.

24. 23
Describe where youplan to place these technologies withinthe network
and why-cover all layers of the OSI model.
When planning for places to install technologies within the network system, the factors
that one needs to consider are primarily determined by how the users need to access the
various devices that will carry out the daily task. If cables need to be installed, a few
important factors to know are: one has to be knowledgeable on where cables are located in
order to know how cables are arranged when needing to both maintain and troubleshoot
network infrastructure issues. When determining locations for cables and the routing
strategy of the cable, one needs to know what the locations are and if any obstacles could
affect the performance of the cables. If there are any obstacles, they must be bypassed.
The location for connectivity devices are important in the matrix of the operation. A
number of factors will be considered in the layout of PCF. One needs to determine the
locations of hubs and patches. The network’s size determines the location of the hubs, and
patch panels and the amount needed. The size of the network and the protocols which one
needs to utilize is determined by how connectivity is established (i.e. hubs and switches can
be used to connect building floors, and routers can be used to create an internetwork.)
Servers need to be physically secured and protected from strikes and interruptions.
There will be departmental servers for the network which will be locked in closets.
Ultimately, the strategy is to place all servers in a central data center. It will be easier to
physically secure servers when they reside in a single data center. The servers that need to be
accessed by all users in the organization they must be placed where they can directly be
connected to the backbone network.
Work station including computers will have easy access to the location where the
printers will be, and printers that will release gases won’t be placed in locations in close
proximity of users.

25. 24
Identify additional software that will be required to monitor the
networkand protect key assets.
The safety of the organization constantly require additional ways to secure the system.
In terms of the daily operation, there are tools that will be always available to mitigate the
problems that will arise. Some ways to monitor the system include:
 Scanners- (1)Port scanner offers a quick way to scan a range of addresses and find all
live machines on the segment (2) NMAP- is used to check how sensitive the intruder
detection systemis, by running scans at various s stealth’s level (3) NLOG –it helps to
organize and analyze the NMAP output. It makes it easy to sort the NMAP data in a
single searchable data base.
 Sniffer- It listens or sniffs packets on a specified physical network segment. This let one
analyze the traffic for patterns, troubleshoot specific problems, and spot suspicious
behavior. Some sniffers include : tcpdump, windump, and ethereal.
 Routers- track the source of a perpetrator one finds in a log file and maintain a record.
 NCC-keeps track of scans for different companies with different configurations .
 Swatch- it can notify one of any event in the messages or syslog files that might indicate
a security problem, and schedule the scans and automatically run them.
 Open secure shell – It fixes problems by using both public keys and symmetric
cryptograph to encrypt the session starting from the first keystroke.
 GNUPG- it helps in protecting people privacy, and can be used for any application,
personal or commercial matters.

26. 25
Identify any security controls that need to be implementedto assist in
mitigating risks.
Security controls are technical or administrative safeguards against intruders that can
cause damage the organization. These controls can be further broken down into
preventative, detective, and corrective. Controls such as:
 Preventative- is firewalls which are necessary to protect the networkfrom outside
intruders.
 Anti-virus- allows for better software to be installed to make the system more robust
or secure.
 Detective- is monitoring the system which is using appropriate tools to fix problems
when they are identified.
 IDS- are any network mitigating devices that will provide the best possible solution in
the network.
 Corrective- is using the system that is best suited for the organization. Some systems
that are designed for a certain purpose, might not workfor another type of project.
 Operating system upgrade- always know when to upgrade the system or design new
software.
The control environment sets the tone of an organization, influencing the control
consciousness of its people. It is the foundation for all other components of internal
control, providing discipline and structure.

27. 26
Mitigate all the risks that were identified during the assessment phase.
The problems that PFC will face can be the lack of proper and a well secure infrastructure.
The servers will only be used for the organizations purpose and must be constantly
monitored by the IT personnel. The networksystem will be local area network and wide area
network. Both systems must operate independently of each other. This practice will help to
mitigate vulnerabilities. It will be a way to track malicious perpetrators IP addresses.
The protocols will be the measures taken to allow for efficient working conditions.
Protocols will be easy to follow, but must be adhered to, and enforced by the IT personnel.
Protocol will be technical, and is human resource oriented. In terms of the technical aspect, IT
must use the proper monitoring devices and adhere tothe organization’s policy. Employee
who perform duties that are highly classified must be authorized and properly authenticated.
There must be constant check and balance between upper-level management and IT
personnel.

28. 27
Identify what written policies need to be created for your organization.
The organization has created policies that will foster proper working habits and better
relationship among employees. The policies that are instituted are:
 Policy (1) PFC will review its wireless encryption and confirm that they are using the
appropriate level of encryption.
 Policy (2) organization will keep a record of all laptop computers and ensure that any
computers with remote access are encrypted.
 Policy (3) organization must be aware of hacking that can occurfrom physical access
to the server room as well as from external hacking.
 Policy (4) employees must never click past security certificate warning screens. If it
happens, (IT) must be notified immediately.
 Policy (5) managers must be aware of “water cooler” talk among employees that may
indicate a breach has occurred. This includes numerous employees complaining of
fraud on personal accounts.
 Policy (6) organization must ensure that they have a security response plan prepared
in the event that some kind of incident does occur.
 Policy (7) if management or employees notice any suspicious activity, local law
enforcement must be contacted.
 Policy (8) unauthorized employees aren’t allowed tohandle sensitive information.
 Policy (9) passwords must be changed bi-annually.
 Policy (10) monitors must be locked if they are not in use.
 Policy (11) evaluate policies and make necessary adjustments.
 Policy (12)avoid dealing with hostile environments.

29. 28
For each policy,you will address how you plan to monitor the policy
Policy (1) PCF responsibility for any form of encryption activities will be based on the type
of activities that have been assessed. If there are malicious attempts on the system, which is
a result of hackers compromising the system, tools such as “OPENSSH, and JOHN the RIPPER”
will be used to monitor and identify perpetrators.
Policy (2) users of any computer must report the loss to Information technology (IT)
personnel so that they can track discrepancy or malicious attackon the system. Daily entry to
(IT) log must be made whenever users operates a personal computer.
Policy (3) in the case of physical access to the system namely servers, (IT) must install
tools such as FPORT, LSOF, UNIX, and WINDOWS log files. These tools have forensic
capabilities for (IT) to use in case of future investigations.
Policy (4) if users click beyond the security certificate warning screen, (IT) must establish
a warning system that will alert employees of where they are on the system.
Policy (5) any actions show suspicious behaviormust be reported immediately. Reporter
will remain unanimous.
Policy (6) PFC will have response plan in case there is a disaster. Reproduction of
software will be in place, servers that have capabilities to switch to remote servers in case of
fire, flood or other disasters, and backup generators in case of electrical outage.
Policy (7) a business remains viable when there is the constant physical presence. Law
enforce will perform the necessary precautionary measures when call upon.

30. 29
Policy (8) all employees of PFC will know what their duties are and must adhere to the
necessary protocols of the organization.
Policy (9) Hackers become frustrated with difficult encryption. However, over time they
will decrypt them if they are not changed. Password must be changed bi- annually.
Policy (10) an unauthorized employee can become curious as well as hacker and decide
to take advantage of sensitive information. Monitor for hackers, and termination for
employees who deliberately abuse organization policy.
Policy (11) if some protocols are not effective for the organization, the adjustments must
be made. Upper level management, IT personnel, and employee must assess and evaluate
and arrive at policy change or some form of upgrade to the organization.
Policy (12) some organizations as well as countries can see PFC as an opportunity to do
phishing and eventually find a way to gain entry to the organization’s network and obtain
sensitive information. Constant monitoring and upgrading of the system must be high
priority.

31. 30
For each policy, you will provide what youfeel the appropriate
punishment shouldbe for violators.These punishments must be able to
be enforceable,not just a threat.
Policy (1) I f the appropriate level of encryption is not used because it was deliberately
done, then the violator must be removed or fired. If it were a lack of training then training
must begin immediately.
Policy (2) many organizations today dogive laptops to their employees. PFC’s policy
allows for routine investigation. If it is found that the lost of a laptop is the result of
carelessness, that employee must be warned. If it is done a second time, the employee must
be relieved of his or her position.
Policy (3) it can be difficult to find the hacker whowants to invade the system.
However, if it is an employee who wants to commit a breach he or she must be reported to
the legal authority and finally remove from the organization.
Policy (4) activities that are not authorized by the (IT), and upper level management
must make the final decision of that employee fate.
Policy (5) employees who are having inappropriate discussion pertaining tothe
organization is in violation tothe organization. If there are strangers nearby, there can be a
breach in the making that could hurt the organization. Employees must be advised against “
water cooler” talk. If the behavior continues, the employee whois caught will be terminated.
Policy (6) at some point PCF will experience some kind of incident occurring. Once an
incident happens, employees must immediately follow protocols. If (IT) wants the computers
to be logged off or locked, employees must do so accordingly. Employee will be given a
warning against negligent behavior. Refusing to comply toprotocol will end in termination
from the company.

32. 31
Policy (7) any suspicious activities will guarantee the presence of law enforcement.
Appropriate action will take place if there is a crime against the organization.
Policy (8) the employee who willfully handle or try toextract sensitive information will
be immediately terminated from the organization.
Policy (9) failing to change password and leaving sensitive information on the computer
will result in a warning follow by termination if continue.
Policy (10) carelessness will not be tolerated in the organization. There is enough
problems with hackers trying tobreak intothe system and remove information. A warning is
given, follow with the removal from the organization.
Policy (11) it is upper level management, and (IT) who are responsible for the revision
of the policies. Failing to make the proper assessments, evaluation, and necessary revision of
the policy will be the ultimate removal of everyone in the organization when it goes under.
Policy (12) some organizations and countries are dangerous to do business with, either
because of their geopolitical ideology. Sometimes these ideas can play into the organization’s
progress. Many of them are bent on infiltrating the organization in order toget sensitive
information. Failing to stop doing business with these can result in termination.

33. 32
For each policy,you will identify a timetable for when each policy should
be reviewedand updated and you will do the review.
Policy (1 ) if there is a critical incident which was caused by a malicious entry to the
system, there must be a critical review to see what happens and how frequently the system
should be monitored to mitigate future problems. (IT) personnel must be responsible for the
reviewing of the policy twice a year.
Policy (2) supervisors of each department, and (IT) are responsible for all wireless, and
laptop devices, that includes employees who have remote access. The inventory and the
review of the various departments must be done bi-annually.
Policy (3) constant monitoring of servers, data, and other devices must be done.
However, annual review of the policy must take place by authorize supervisors and (IT).
Policy (4) this occurrence seldom happens, so if there is a need to review the policy,
only (IT) is responsible for such review whenever it is necessary.
Policy (5) employees must be warned against “ water cooler” talk. Upper level
management, and supervisors must enforce the policy. If it is necessary to have a review, it
has to depend on the frequency of occurrence.
Policy (6) flood, fire, hurricane, and severe winter conditions are major factors that can
create havoc to the organization. The network can come to a halt if proper measures are not
taken in case of factors. Upper level managers, supervisors, and (IT) must review policy
annually.

34. 33
Policy (7) Upper level management and law enforcement personnel must review
policy when there are suspicious behaviors or activities. The reviewing of the policy depends
on the imminent danger to the company.
Policy (8) authorize managers, supervisors, and (IT) are responsible for reviewing
sensitive information bi-annually.
Policy (9) authorize managers, supervisors, and (IT) must see to it that employees
passwords are updated and properly authenticated bi-annually.
Policy (10) supervisors or managers must make regular inspections of computer safety
and have monthly review of the computers and network system.
Policy (11) an annual review of the entire list of policies must be audited and reviewed
by upper level managers, supervisors, (IT), and some authorized employees.
Policy (12) Departments that are involved with international or local businesses must
do annual review on ethical conduct. This must be done by upper level managers.

35. 34
Identify the process ofhow your organizationwill identify an incident.
There are precautions that are necessary to take in the event of unfortunate surprises.
PCF incident response and recovery team ( Upper level, IT, Supervisors, and Public Safety) has
put in place a plan that requires one to be observant, report any suspicious activities, pay
close attention to very sensitive assets, and see to it that employees follow protocols at all
times. Some conditions that will help in identifying an incident, will be based on the deviation
of the organization’s plan. PCF plan is based on one:
 Preparation- setting up system to detect threats and policies for dealing with them,
including identifying roles staff will play in incident response, and creating emergency
contact list.
 Identification- identifying what the threat is, and/orthe effects it is having on your
systems network, including keeping records of the time/systems involved/what was
observed, and making a full system backup as soon after the intrusion was observed,
as possible, to preserve as much information about the attack as you can.
 Containment-limiting the effects of an incident by confirming the problem to as few
systems as possible, freezing the scene so that nothing further happens to the
compromised system(s) by disconnecting its network connections and possible
console keyboard.
 Eradication-getting rid of whatever the attacker might have compromise by deleting
files or doing a complete system reinstall.
 Recovery- getting back intobusiness, by putting the system back intonormal
operations, reconnecting it to network, restoring from backup if necessary.
 Follow-up: if possible, tightening security so that the intrusion cannot happen again,
determining the “cost” of the intrusion based on staff time, lost data, and lost user
work time.

36. 35
Identify the process for classifying the incident. What is the criteriafor
each classificationwithinthe organization?
The incident response team will determine the degree of preparation. Pryorto an
incident staff must ensure that everyone whowill be involved is properly trained and has the
formal tools for detecting and responding to the incident that might occur. If there is a
security breach there will be the current external contact list of service providers and other
organizations that need to be contacted during the security incident.
PCF will also have to focus on determining whether ornot a security incident has
occurred and, if one hasdetermining the type and severity of the incident. Specific employees
must be assigned for reviewing and documenting possible security breach and will develop an
incident classification system (e.g. low, medium, high or severity). Everyone will know when
the response team will be activated and when the organization’s management is notified that
an incident has occurred.
The scope of any incident can range and spiral out of control if there is no set direction.
There will be formal processes for determining whether ornot law enforcement should be
contacted about an incident and whether ornot systems impacted by an incident should be
allowed to operate. Individuals who are closely involved with systems operation must be
aware of every function.
There will be a mitigation process for reviewing the possible cause any type of
incident, to see the occurrence method and how it start (e.g. log review, camera data review,
and other external behavior)PCF is expecting, once all the necessary evaluations are made
there will be time to recover any type of lost to the organization and install tighter security
measure.

37. 36
Identify what the response will be for each classificationidentified.
PCF incident response team will conduct six steps: training protocol, problem
recognition, controlling the site, remove tampered items, restore credibility, and mitigation
plan.
 Training protocol- individual who are involved with the response team are
expected to listen to those who are in authority. Those who are responsible for
data must follow the process of how to protect files and other sensitive
information.
 Problem recognition- be able to spot unusual events, report them immediately
or make documentations on the way. If network tend to be slow, ask questions
and be ready to get (IT) involve.
 Controlling the site- panic will set in under all circumstances, if there is no sense
of order. Individuals who are trained to handle all the affairs during the time of
an incident (s) must be ready to give appropriate directives when call upon.
 Remove tampered items-If it is shown that the incident (s) escalate to a forensic
matter, then law enforcement must be involved before any tampered materials
are removed.
 Restore credibility- the organization has to get back tobusiness so that clients
will have confidence in the normal operation of the organization.
 Mitigation plan- Network infrastructure will continue to be monitored and
upgraded, employees negligence or natural disasters will be factors that PCF will
look at carefully.

38. 37
Identify a general plan to recover from the incident.
The recovery plan for PCF will involve an extensive analysis for the organization, which
will include: (IT), infrastructure, data backup, resources, continuity requirements and disaster
prevention methods. There will be phases that the organization will institute during the
process. The phases and the plan are as follows:
 Phase 1- data collection
1. Project should be organized with timeline, resources, and expected output.
2. Business impact analysis should be conducted at regular intervals.
3. Risk assessment should be conducted regularly.
4. Onsite and offsite backup and recovery procedures should be reviewed.
5. Alternative site location must be selected and ready for use.
 Phase 2- plan development and testing
1. Development of disaster recovery plan.
2. Testing the plan.
 Phase 3- monitoring and maintenance
1. Maintenance of the plan through updates and review.
2. Periodic inspection of the recovery plan.
3. Documentation of changes.
Instructions on recovery plan

39. 38
Identify a process for evaluating the incident response after each
incident has been mitigated.
There are many ways to erect a process for evaluating incident response after incidents
have been mitigated. However, PCF has decided to look at a few steps that are efficient as a
process. The following steps have been used effectively before:
 Define and map the system- understand what might go wrong in the network and how
to restore it. Laying out the different functions that must be performed and how they
link together defines the structure and bounds of the analysis (i.e. in case of a fire,
have available areas for storage, and public safety personnel protecting sensitive
materials.
 Identify failure mode-this is the “observable manner in which a component fails”
(Ebeling, 1997,p. 168) which in this case would be the ways that performance of
different parts of the response system would break down. This is usually when
staffing or error problem as well as equipments would break down.
 Assess the probability of occurrence of different failure modes- The probability that an
incident will occur is certain. However, the degree of failure is not, but preparation for
failure and its cost must be considered. For example, if the failure mode of concern for
response is a communications system breakdown and there are both primary and
backup system, the probability of the failure would be the probability both system
failed.
 Assess the failure mode effects and their severity-this is generally the stage for
questions and answers (i.e. what is the effect of the failure mode’s occurrence on
overall system performance?).
Everyone of these steps be understood, protocols must be followed, careful
documentations must be taken, an a full transparent report must be available to the clients.

40. 39
Discuss how the incident response plan will be testedand updated.
The test and the updating of the incident response plan will show the effectiveness and
the quality of service that will be delivered in the long run. The following highlights the next
steps the organization will take in this scenario:
 The person in charge of public relations (PR) must articulate PCF plan initial
response to reporters or the public that at this stage that whateverrumor that is
heard of a virus attack on the system, it is a “hearsay “. However, everything is
under investigation.
 Incident response team should contact (IT) to discuss the allegation and to
formulate an in-depth response strategy.
 The incident team leader should meet with (IT) to establish if there is a virus
attack on the system. If the allegation is true, both incident team and (IT) leaders
must document the incident and initiate additional data collection and analysis
activities.
 After additional data collection and analysis, if the claim is determined to be true,
incident response and (IT) leads must establish a conference bridge to
communicate the known and unknown, and action items to the incident
response, (IT) team, and upper level management, following a need –to-know
approach.
 Once there is a resolution to the problem, and is found clear, the public relation
personnel (PRP) must notify publicto remove any doubt that is connected with
the organization.
 The public wants to know what are the strengths, and weaknesses, opportunities,
and threats of the organization, programs, plans and processes in regard to the
incident.
 The organization must find ways to establish an environment that encourages
testing and updating of the system.

41. 40
Describe a plan to implement the security controls andpolicies that you
identified in previous sections.
During the initial stage of PCF operation, there were little complications in doing
business, not much security alarms to thinkabout. However, as the business expanded and
the demand for new technological implementation, there was a concern with security
intervention. An assessment was made to investigate the working progress of the
organization network infrastructure. The emphasis was primarily on the organization’s assets,
in protecting the confidentiality, integrity, and availability of its information and information
system. PCF has had significant weaknesses in the past and still has, even though
improvements have been made in controls designed to protect, confidentiality, integrity, and
availability (CIA) of their sensitive information and information system. The computer
networks and system have many electronic access control vulnerabilities related to network
management, users accounts, passwords , users right and files permission, auditing, and
monitoring of security – related events.
PCF has decided to take some rigorous steps to mitigate these vulnerabilities by
implementing new designs of intrusion detection system (IDS) which include firewalls,
switches, routers, and better design servers. In addition, othersteps will be to search for
weaknesses that exist in other types of controls designed to physically secure computer
resources. The organization will develop and implement a program that will exclusively track
vulnerabilities in all areas of the network system.
There are protocols that must be adhered to for an organization to remain productive
and viable. PCF must conduct suitable background investigations, segregate duties
appropriately, and prevent unauthorized changes to application software. Employees who
are authorized to handle sensitive materials, are solely responsible. There must not be any
discussion of sensitive information with neither authorized or unauthorized employees.

42. 41
Develop a plan to implement new security devices and modify existing
security devices that are required to monitor the networkand the
policies that were createdor updated.
The constant attack on the network has allow for new implementation of security
devices. These devices will be able to detect and have capabilities to handle vulnerability
issues. Firewalls will be included in the implementation plan. However, other devices used
such as:
 Management device- there is a device known as (NOCPulse) monitors and reports the
result to an off-site management center.It can alert you when something goes wrong.
An employee can monitor his/her network from the company’s website.
 Performance enhancement- with this approach, the secure shell (SSL) is involved. It
provides data encryption authentication on both ends and messages integrity using
certificate. Messages that are sent are protected while sent through the system.
 Traffic management- If one is going to enhance performance,it helps to also know
wha traffic needs enhancement and what doesn’t. Device such as NetScaler Request
Switch can inspect the contents of traffic entering the network, and then depending
on what it finds, direct it to the proper server or appliance. This allows one to aim
traffic at devices that best handles it, and improving the network overall efficiency.
 Load balances – traffic management devices sort traffic according to the
characteristics of what’s inbound. Load balancers take their cues from what’s
happening on the servers. These devices monitor the performances of a server. In
some cases, the cost of the route to that server and choose a destination that will
maximize performance or minimize cost or both. Because of the volume of traffic that
must pass through the devices, load balancers must have very high
performance.Going forward, the line between trafficmanagement devices and load
balancers will likely overlap, because their functions are so complimentary that a
combination of the two tasks makes sense for users.
 Storage – a solution is to offload storage processing from the servers to specialized
storage appliances.

43. 42
Describe how these controls,policies,andsecurity devices have
addressedthe key security areas of confidentiality,integrity,
authentication, authorition,and nonrepudiationcryptographic services.
The network system is that medium that conveys information and otherdata upon
request. Many of these controls are either wire or wireless, and at point are invitations to
vulnerabilities. The infrastructure is the main concern and more emphasis will be placed on
making it more robust. Other additions will include the type of intrusion detection system
(IDS) and individuals who are responsible for the handling of sensitive information. Some
(IDS) will include: switches, hubs, routers, and cables. These controls will establish and
regulate the relationship among the computer and the networksystem.
As for the policies that will be instituted there will be guidelines or protocols for re-
enforcing and re-assuring the confidentiality, integrity, authenticity, authority, and non-
repudiation of the organization.
In order to establish confidence in the organization, there must not be lingering and
frequent mishap in the network this will be cause for concern to the clients. The organization
must find ways to mitigate problems at all time. All employees must have passwords that are
difficult for hackers, and must be changed bi- annually. (Information resources, 2006) (Rash,
2003) (Schou & Shoemaker, 2007)Those who are responsible in handling sensitive data or
information must be properly authenticated and authorized by upper level management and
authorized (IT) personnel.

44. References
Works Cited (Markey,2012)
Aven,T.(2008). Understand and describerisk.
Avolio,F.(2005). firewall and internetsecurity the second hundred (internet) year.
Brooks,c. Maintaining and repairing PC. PraesonEducation,ISBN:970132409810.
Corazon,D. (2014). Network Monitortools.
DheelanRai,S. Connection to computernetwork.
Drapkin,M. (2010). Policies and procedures.

45. Howlett,T.(2005). Open sourceSecuritytools. Pearson.
Informationresources.(2006). GAOReport.
Jackson,b.,sullivan,K.F.,& Willis,H.H. (2012). Evaluating thereliability of emergency responsesystem
forlarge- scale incidentoperations. RANDHealtyQuarterly.
Lammie,T.Publisher:JohnWileyandSonInc,ISBN:9780132409810.
Licklider,J.(1962). IntergalacticComputerNetwork.
Lucas, H. (2005). Strategicdecision making formanager. JohnWileyandSon.
Manage yourprofile.(2014). Microsoft.
Markey,S. (2012). Testing yourcomputersecurity incident responseplan.
Napier,A.H.,Judd,P. J.,River,O.,& Andrew,A.Course Technology;ISBN:061906319X.
Northcutt,S.(2009). SecurityLaboratory.
Northcutt,S.(2009). Security Laboratory.
Prosise,C.,&Mandia, K. Investigating computercrime. Mc Graw- Hill;ISBN:00723829 .
Rash,W. (2003). easing the load at the edge. Infoworld,Vol.25,Issue,12.
Russinovich,M.,&Cogswell.Byrice.(2012). Desktop VS2.0.
Schou,C., & Shoemaker,D.(2007). Information assrancefortheenterprise:A road map to security.
McGraw-Hill,ISBN:9780072255249.
Sensitivedatadefinition. (2009). VirginiaCommunityCollege.
Simonski.(2004). Threatsand yourassets- whatis really atrisk.
Steve,M.(2012). TestingyourcomputerSecurityIncidentResponnsePlan. ISACA .
Whitman,M. E., & Mattord, H. J. Cengage Learining;ISBN:9781111138219.