SlideShare a Scribd company logo

Project

Download as DOCX, PDF
E
Elizabeth Nunez
1 of 5
Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 Richman Investments has expanded, adding several new offices in multiple locations. This establishes the need for protection of the company’s assets and because of this there are several different policies that should be implemented into the company. Richman Investments will refrain from using removable hardware on any and all systems that are owned or leased by the company unless otherwise specified by IT management. Any sensitive information should only be stored on removable media if it is required in the performance of your assigned duties or when providing information that is required by other state or federal agencies. Any sensitive information stored on removable media must be encrypted within the Richman Investments Encryption Policy. Richman Investments will require security assurances and user-friendly sites for attracting customers via internet sites. Understanding the business requirements is crucial in the translation of security procedures and policies into a public network. With real time business requirements and economic drivers there has been a force for rapid change to the methods used to conduct business-to-business and business to client communication. Employees are given PCs so they can deliver on assigned tasks; it is crucial that they understand that these PCs are the property of Richman Investments and are not to be used for personal use. There is to be no offensive material or pirated material downloaded or stored on business PCs or any other company hardware. Provided email systems should only be used for business purposes and care needs to be taken of material sent via email. The company is held liable for the actions of employees making it Richman Investments priority to ensure all employees are well educated on the harm that can be caused by not following the policies they have been given. Spam, mass mailing lists, playing games or engaging in online chat groups is
Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 strictly prohibited. All company PCs are required to use the businesses loaded antivirus software to check all data on their PCs, downloaded data or data transferred via disks. Any and all data that is loaded onto the network servers or sent outside the company must be virus checked. Users will not be allowed to disable the antivirus software and the administrators can maintain better control of PCs by implementing group policies as per department functions so users can’t tamper with configurations. All updates and patches for the operating systems and applications must be checked on a regular basis and installed to ensure any and all vulnerabilities are prevented. Ensuring that users are aware of security policies and the risks a business can face if these policies aren’t followed correctly. Richman Investments will continue to educate users through emails and awareness classes. Since the “ILOVEYOU” virus of 2000, it imperative that users are aware of the dangers of opening an email message especially with any attachments because it could potentially flood your email servers and gateways. With the office expansion, added number of employees and the crossing of the U.S. borders, Richman Investments will implement a virus and malware program to thwart malicious code and activity with the following countermeasures and prevention techniques. A list of countermeasure suggestions and a brief description for the implementation of said countermeasures is as follows. PacketFence is a fully supported and trusted, free and open source network access control solution. It boasts an impressive feature set that includes a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support, and layer-2 isolation of problematic devices. It can be used to effectively secure small to very large heterogeneous networks and can be tailored for use as a firewall and router. In addition it is also very powerful, flexible
Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 firewalling and routing platform and it includes a long list of related features and a package system that allows further expandability without the added bloat and potential security vulnerabilities to the base distribution. Administration software will be implemented as follows. Wireshark will be used, it is the world’s foremost network protocol analyzer that allows you to captures and interactively browse the traffic that is running on a computer network. AMANDA is the Advanced Maryland Automatic Network Disk Archiver which is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over a network to tape drives/chargers, disks or optical media. AMANDA uses native utilities and formats that can backup a large number of servers and workstations running multiple versions of Linux or Unix. It also uses a native Windows client to back up Microsoft Windows desktops and servers. The audit and monitoring software will be used as follows. Spiceworks which is free network monitoring software with network management tools, help desk ticketing app, network mapper and more will be used for the Richman Investment Company. Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure glitches and problems before they affect any critical business processes. Cryptography software that will be used is as follows. Firstly Richman Investments will use 7-Zip which is open source software that is under the GNU LGPL license. It has a ZIP container-based AES-256 encryption which allows you to easily create a compressed archive of files and add a password to it. AxCrypt is also an open source file encryption software that
Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 allows you to compress encrypt, decrypt, store, send and work with individual files. It works with Windows shell and it uses AES 256 encryption. The use of Data Communications Software is required; JITSI is a VoIP video conferencing and instant messaging application for Windows, Linux and Mac OS X. It supports severel popular instant messaging and telephony protocols. FreeSWITCH is a scalable open source, cross-platform telephony platform designed to route and interconnect popular communication protocols which use audio, video, text or any other form of media. ClamAV will be used to guard against malicious code and malware. This is an open source antivirus engine which is designed to detect Trojans, viruses, malware and other malicious threats. Gateway Anti-Virus is a Vermont Department of Taxes project which allows applications across an enterprise to check files for viruses by providing a SOAP-based virus scanning web service. The client applications will submit files to the web service and that web service uses ClamAv to scan them for viruses. Data recover software will also be used; software such as BackTrack which is distributed based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is a bootable software CD which contains a number of diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools. It also uses data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer malfunctions.
Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 References (n.d.). Retrieved from http://www.packetfence.org/ (n.d.). Retrieved from http://www.7-zip.org/ (n.d.). Retrieved from http://www.backtrack-linux.org/ (n.d.). Retrieved from http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture- filter-and-inspect-packets/ Jonathan. (2015, January 19). Welcome to the Spiceworks Community. Retrieved from Spiceworks: http://community.spiceworks.com/help/Setting_Up_Monitors_And_Email_Alerts

Recommended

GBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesGBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesKristin Helgeson
 
code of conduct
code of conductcode of conduct
code of conductDavid Waddell
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Information security policy
Information security policyInformation security policy
Information security policyBalachanderThilakar1
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)GuardEra Access Solutions, Inc.
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
How to use Compliance Software to Prepare for a DOT Audit
How to use Compliance Software to Prepare for a DOT AuditHow to use Compliance Software to Prepare for a DOT Audit
How to use Compliance Software to Prepare for a DOT AuditMark Wayner
 

Recommended

GBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesGBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesKristin Helgeson
 
code of conduct
code of conductcode of conduct
code of conductDavid Waddell
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Information security policy
Information security policyInformation security policy
Information security policyBalachanderThilakar1
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)GuardEra Access Solutions, Inc.
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
How to use Compliance Software to Prepare for a DOT Audit
How to use Compliance Software to Prepare for a DOT AuditHow to use Compliance Software to Prepare for a DOT Audit
How to use Compliance Software to Prepare for a DOT AuditMark Wayner
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainIBM Security
 
NSA and PT
NSA and PTNSA and PT
NSA and PTRahmat Suhatman
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
How Computer Network Support System Work Against Hacking?
How Computer Network Support System Work Against Hacking?How Computer Network Support System Work Against Hacking?
How Computer Network Support System Work Against Hacking?jeremyhall724
 
386sum08ch8
386sum08ch8386sum08ch8
386sum08ch8virtualmemory
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security fieldAhmed Musaad
 
Information Security Basics for Businesses and Individuals
Information Security Basics for Businesses and IndividualsInformation Security Basics for Businesses and Individuals
Information Security Basics for Businesses and IndividualsJosh Moulin, MSISA,CISSP
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
ITrust Whitepaper: Top 10 vulnerabilities
ITrust Whitepaper: Top 10 vulnerabilitiesITrust Whitepaper: Top 10 vulnerabilities
ITrust Whitepaper: Top 10 vulnerabilitiesITrust - Cybersecurity as a Service
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile AttackIRJET Journal
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
ITE - Chapter 10
ITE - Chapter 10ITE - Chapter 10
ITE - Chapter 10Irsandi Hasan
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
Dave Ford Resume
Dave Ford ResumeDave Ford Resume
Dave Ford ResumeDave Ford
 
report-final
report-finalreport-final
report-finalJohn Giblin
 
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesSymantec
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network careerUniversitas Bina Darma Palembang
 

More Related Content

What's hot

A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainIBM Security
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
How Computer Network Support System Work Against Hacking?
How Computer Network Support System Work Against Hacking?How Computer Network Support System Work Against Hacking?
How Computer Network Support System Work Against Hacking?jeremyhall724
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security fieldAhmed Musaad
 
Information Security Basics for Businesses and Individuals
Information Security Basics for Businesses and IndividualsInformation Security Basics for Businesses and Individuals
Information Security Basics for Businesses and IndividualsJosh Moulin, MSISA,CISSP
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile AttackIRJET Journal
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
Dave Ford Resume
Dave Ford ResumeDave Ford Resume
Dave Ford ResumeDave Ford
 

What's hot (20)

A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack Chain
 
NSA and PT
NSA and PTNSA and PT
NSA and PT
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidents
 
How Computer Network Support System Work Against Hacking?
How Computer Network Support System Work Against Hacking?How Computer Network Support System Work Against Hacking?
How Computer Network Support System Work Against Hacking?
 
386sum08ch8
386sum08ch8386sum08ch8
386sum08ch8
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security field
 
Information Security Basics for Businesses and Individuals
Information Security Basics for Businesses and IndividualsInformation Security Basics for Businesses and Individuals
Information Security Basics for Businesses and Individuals
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
ITrust Whitepaper: Top 10 vulnerabilities
ITrust Whitepaper: Top 10 vulnerabilitiesITrust Whitepaper: Top 10 vulnerabilities
ITrust Whitepaper: Top 10 vulnerabilities
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security control
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile Attack
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security Evasion
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
ITE - Chapter 10
ITE - Chapter 10ITE - Chapter 10
ITE - Chapter 10
 
Information security[277]
Information security[277]Information security[277]
Information security[277]
 
Dave Ford Resume
Dave Ford ResumeDave Ford Resume
Dave Ford Resume
 
report-final
report-finalreport-final
report-final
 

Similar to Project

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesSymantec
 
Network Diagram of a company ABCD Roshan basnet it 29
Network Diagram of a company ABCD Roshan basnet it 29Network Diagram of a company ABCD Roshan basnet it 29
Network Diagram of a company ABCD Roshan basnet it 29rosu555
 
ZERO DAY PLUS presentation
ZERO DAY PLUS presentationZERO DAY PLUS presentation
ZERO DAY PLUS presentationAlexander Rogan
 
Infographic-1-MainFrame BlindSpots_082015
Infographic-1-MainFrame BlindSpots_082015Infographic-1-MainFrame BlindSpots_082015
Infographic-1-MainFrame BlindSpots_082015Clint Walker
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Corporation
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention GuideBrian Honan
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Corporation
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...MohamedOmerMusa
 
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소GE코리아
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxgriffinruthie22
 
Resume-Khalid_Kamal-SA-2015
Resume-Khalid_Kamal-SA-2015Resume-Khalid_Kamal-SA-2015
Resume-Khalid_Kamal-SA-2015Khalid Kamal
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxcockekeshia
 
Trusteer Apex Provides Automatic and Accurate Malware Protection
Trusteer Apex Provides Automatic and Accurate Malware ProtectionTrusteer Apex Provides Automatic and Accurate Malware Protection
Trusteer Apex Provides Automatic and Accurate Malware ProtectionIBM Security
 
The_CNPITH_STORY_V1.2(draft)
The_CNPITH_STORY_V1.2(draft)The_CNPITH_STORY_V1.2(draft)
The_CNPITH_STORY_V1.2(draft)David Simpson
 
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdfBelayet Hossain
 
Information Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyInformation Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyLblum1234
 

Similar to Project (20)

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Network Diagram of a company ABCD Roshan basnet it 29
Network Diagram of a company ABCD Roshan basnet it 29Network Diagram of a company ABCD Roshan basnet it 29
Network Diagram of a company ABCD Roshan basnet it 29
 
Policy for PDO
Policy for PDOPolicy for PDO
Policy for PDO
 
ZERO DAY PLUS presentation
ZERO DAY PLUS presentationZERO DAY PLUS presentation
ZERO DAY PLUS presentation
 
Infographic-1-MainFrame BlindSpots_082015
Infographic-1-MainFrame BlindSpots_082015Infographic-1-MainFrame BlindSpots_082015
Infographic-1-MainFrame BlindSpots_082015
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention Guide
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control Systems
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
 
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
 
Resume-Khalid_Kamal-SA-2015
Resume-Khalid_Kamal-SA-2015Resume-Khalid_Kamal-SA-2015
Resume-Khalid_Kamal-SA-2015
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
 
Trusteer Apex Provides Automatic and Accurate Malware Protection
Trusteer Apex Provides Automatic and Accurate Malware ProtectionTrusteer Apex Provides Automatic and Accurate Malware Protection
Trusteer Apex Provides Automatic and Accurate Malware Protection
 
The_CNPITH_STORY_V1.2(draft)
The_CNPITH_STORY_V1.2(draft)The_CNPITH_STORY_V1.2(draft)
The_CNPITH_STORY_V1.2(draft)
 
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
 
Information Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyInformation Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum Copy
 

Project

  • 1. Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 Richman Investments has expanded, adding several new offices in multiple locations. This establishes the need for protection of the company’s assets and because of this there are several different policies that should be implemented into the company. Richman Investments will refrain from using removable hardware on any and all systems that are owned or leased by the company unless otherwise specified by IT management. Any sensitive information should only be stored on removable media if it is required in the performance of your assigned duties or when providing information that is required by other state or federal agencies. Any sensitive information stored on removable media must be encrypted within the Richman Investments Encryption Policy. Richman Investments will require security assurances and user-friendly sites for attracting customers via internet sites. Understanding the business requirements is crucial in the translation of security procedures and policies into a public network. With real time business requirements and economic drivers there has been a force for rapid change to the methods used to conduct business-to-business and business to client communication. Employees are given PCs so they can deliver on assigned tasks; it is crucial that they understand that these PCs are the property of Richman Investments and are not to be used for personal use. There is to be no offensive material or pirated material downloaded or stored on business PCs or any other company hardware. Provided email systems should only be used for business purposes and care needs to be taken of material sent via email. The company is held liable for the actions of employees making it Richman Investments priority to ensure all employees are well educated on the harm that can be caused by not following the policies they have been given. Spam, mass mailing lists, playing games or engaging in online chat groups is
  • 2. Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 strictly prohibited. All company PCs are required to use the businesses loaded antivirus software to check all data on their PCs, downloaded data or data transferred via disks. Any and all data that is loaded onto the network servers or sent outside the company must be virus checked. Users will not be allowed to disable the antivirus software and the administrators can maintain better control of PCs by implementing group policies as per department functions so users can’t tamper with configurations. All updates and patches for the operating systems and applications must be checked on a regular basis and installed to ensure any and all vulnerabilities are prevented. Ensuring that users are aware of security policies and the risks a business can face if these policies aren’t followed correctly. Richman Investments will continue to educate users through emails and awareness classes. Since the “ILOVEYOU” virus of 2000, it imperative that users are aware of the dangers of opening an email message especially with any attachments because it could potentially flood your email servers and gateways. With the office expansion, added number of employees and the crossing of the U.S. borders, Richman Investments will implement a virus and malware program to thwart malicious code and activity with the following countermeasures and prevention techniques. A list of countermeasure suggestions and a brief description for the implementation of said countermeasures is as follows. PacketFence is a fully supported and trusted, free and open source network access control solution. It boasts an impressive feature set that includes a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support, and layer-2 isolation of problematic devices. It can be used to effectively secure small to very large heterogeneous networks and can be tailored for use as a firewall and router. In addition it is also very powerful, flexible
  • 3. Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 firewalling and routing platform and it includes a long list of related features and a package system that allows further expandability without the added bloat and potential security vulnerabilities to the base distribution. Administration software will be implemented as follows. Wireshark will be used, it is the world’s foremost network protocol analyzer that allows you to captures and interactively browse the traffic that is running on a computer network. AMANDA is the Advanced Maryland Automatic Network Disk Archiver which is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over a network to tape drives/chargers, disks or optical media. AMANDA uses native utilities and formats that can backup a large number of servers and workstations running multiple versions of Linux or Unix. It also uses a native Windows client to back up Microsoft Windows desktops and servers. The audit and monitoring software will be used as follows. Spiceworks which is free network monitoring software with network management tools, help desk ticketing app, network mapper and more will be used for the Richman Investment Company. Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure glitches and problems before they affect any critical business processes. Cryptography software that will be used is as follows. Firstly Richman Investments will use 7-Zip which is open source software that is under the GNU LGPL license. It has a ZIP container-based AES-256 encryption which allows you to easily create a compressed archive of files and add a password to it. AxCrypt is also an open source file encryption software that
  • 4. Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 allows you to compress encrypt, decrypt, store, send and work with individual files. It works with Windows shell and it uses AES 256 encryption. The use of Data Communications Software is required; JITSI is a VoIP video conferencing and instant messaging application for Windows, Linux and Mac OS X. It supports severel popular instant messaging and telephony protocols. FreeSWITCH is a scalable open source, cross-platform telephony platform designed to route and interconnect popular communication protocols which use audio, video, text or any other form of media. ClamAV will be used to guard against malicious code and malware. This is an open source antivirus engine which is designed to detect Trojans, viruses, malware and other malicious threats. Gateway Anti-Virus is a Vermont Department of Taxes project which allows applications across an enterprise to check files for viruses by providing a SOAP-based virus scanning web service. The client applications will submit files to the web service and that web service uses ClamAv to scan them for viruses. Data recover software will also be used; software such as BackTrack which is distributed based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is a bootable software CD which contains a number of diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools. It also uses data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer malfunctions.
  • 5. Elizabeth Nunez NT2580 Mr. Smith Unit 10 Project Part 2 Due: 5/29/2015 References (n.d.). Retrieved from http://www.packetfence.org/ (n.d.). Retrieved from http://www.7-zip.org/ (n.d.). Retrieved from http://www.backtrack-linux.org/ (n.d.). Retrieved from http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture- filter-and-inspect-packets/ Jonathan. (2015, January 19). Welcome to the Spiceworks Community. Retrieved from Spiceworks: http://community.spiceworks.com/help/Setting_Up_Monitors_And_Email_Alerts