Project Part 1 Multi-Layered Security Plan

In: Computers and Technology

Submitted By Puffin55555
Words 389
Pages 2
1. Disruption prevention - This is an approach to protect the entire device. A majority of well-known Internet security software falls into this category. They are designed to prevent a broad array of malicious attacks. The goal of device disruption prevention is to identify and prevent viruses from reaching the device, protecting personal information from identity thieves, and eliminating the threat of malware.

2. Important File Protection - Along with this approach, it is also important to add protection for specific valuable files. The well-known Internet security software tends to focus on mission-critical files whereas this type of file protection focuses on data important to the user. This includes family photos, music, documents, and financial records. Once accessed by a malicious hacker, these files present a serious Internet privacy risk. They are not only used for identity theft, but also social engineering schemes such as targeted phishing.

3. Active Internet security - This type of protection is designed to be used anytime a device is connected to the Internet. This includes Wi-Fi hotspots, hotels, airports, and even at home. This layer of security is focused on protecting data as it is transferred to and from the user’s device. The most common way to achieve this is by encrypting data and using secure connections.

4. Active Online Interaction Protection - Online interaction protection is a critical layer of defense against identity theft and social engineering. While there are tools which complement this type of protection, it is primarily based upon the user’s actions. Simply being aware of the different types of online scams used to steal information and insert malware into a device can go a long way in achieving comprehensive Internet security. Taking a security-conscious approach to using the Internet is the most vital component of…...

Similar Documents

Project Part 1 Multi-Layered Security Plan

...Project Part 1 Multi-Layered Security Plan Introduction The components that make up cyberspace are not automatically secure. This includes cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. There is a raging information security war. The goal is to protect national security and business information. Therefore, IT is in great need of proper security controls. Scenario Richman Investments is a mid-level financial investment and consulting firm. The Richman corporate headquarters is located in Phoenix, Arizona. Currently, there are eight branch offices in:  Atlanta, Georgia  Chicago, Illinois  Cincinnati, Ohio  Denver, Colorado  Los Angeles, California  Montreal, Canada  New York City, New York  Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the organization. You are told that every month, the networking division needs to submit a report to the senior management about the security plan for the month, and this time, your outline will become a part of that report. Therefore, you need to research the elements of a multi-layered security plan and to create an outline. Your outline should indicate one or more general security solutions for each of the seven......

Words: 347 - Pages: 2

Project: Part 1 Multi-Layered Security Plan

...Multi-Layered Security Outline To: Richman Investments Senior Management Outline includes: Security solutions for each of the seven domains. User Domain: This is where the first layer of defense starts for a layered security strategy. We will conduct security awareness training, restrict access for users to specific systems and programs, create an acceptable use policy, and track and monitor employee behaviors. Workstation Domain: Start by creating strong passwords to protect workstation access, then enable antivirus protections, and mandate security awareness training to all employees. This domain is almost as vulnerable as the user domain and also needs constant monitoring. LAN Domain: To prevent unauthorized access we can physically secure wiring closets and data centers, implement encryption protection, define strong access control policies and strong second-level authentications. LAN-to-WAN Domain: Disable ping, probing and port scanning, apply strict security monitoring controls, and update devices with security fixes and software patches right away are excellent measures to take. WAN Domain: Use encryption and VPN tunnels for end-to-end secure IP communications, and scan all e-mail attachments for type, antivirus, and malicious software. Back up and store data in off-site data vaults. Remote Access Domain: Establish user ID and password policies requiring periodic changes, set automatic blocking for attempted logon retries, and encrypt all data within......

Words: 257 - Pages: 2

Multi Layered Security Plan

...Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s internet/network and make notes......

Words: 518 - Pages: 3

Nt2580 Project 1 Multi Layered Security Plan

...NT2580 Project Part 1: Multi-Layered Security Plan When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. In the workstation domain, we need to make sure that each of the workstations, whether desktop or laptop, has antivirus and malware protection installed on them. Laptops are very vulnerable for loss or theft, so all company laptops should have an encrypted hard drive so that if they are stolen, the data contained on them is not recovered by anyone but the owner. For the LAN domain, we need to have training about email scams. Most users know not to access suspicious emails when on our system but a quick training course will help. Also, adding spam filters will help get rid of most of the junk email, so there is much less risk of employees opening emails containing malware. In the LAN-to-WAN......

Words: 505 - Pages: 3

Multi-Layered Security Plan

...Part 1: Multi-Layered Security Plan Security is a fundamental aspect of any network infrastructure. The goal is to always have the most up to date programs and protocols to ensure the protection of the network. No aspect is too small to over look. That could mean the difference between a secure network and a compromised network. The best way to achieve this is to break down every level and approach each one as a separate entity and secure it. Then you can modify it to suit the needs of your network. We can start with the Application layer. The Application layer provides the interface to the user. First the end user should be subjected to a background check to ensure against any potential malicious or questionable acts in the users past. Then the end user should be properly trained in the use of the computer and the proper protocols to access the network. Updates should be made frequently to keep the user up to date. When the user is in the network, make sure that any unnecessary devices, USB ports and any back doors are disabled. You also want to make sure that all files and emails and downloadable attachments are all thoroughly scanned prior to downloading. Finally, be sure to ensure content filtering, and restrict the end user to only what pertains to their primary function. The Presentation layer is responsible for encoding and decoding data that is passed from the application layer to another station on the internetwork. You must first ensure that all USB ports are......

Words: 328 - Pages: 2

Project Part 1: Multi-Layered Security Plan

...Project Part 1: Multi-Layered Security Plan Introduction The components that make up cyberspace are not automatically secure. This includes cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. There is a raging information security war. The goal is to protect national security and business information. Therefore, information technology (IT) is in great need of proper security controls. Scenario Richman Investments is a mid-level financial investment and consulting firm. The Richman corporate headquarters is located in Phoenix, Arizona. Currently, there are eight branch offices in:  Atlanta, Georgia  Chicago, Illinois  Cincinnati, Ohio  Denver, Colorado  Los Angeles, California  Montreal, Canada  New York City, New York  Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the organization. You are told that every month, the networking division needs to submit a report to the senior management about the security plan for the month, and this time, your outline will become a part of that report. Therefore, you need to research the elements of a multi-layered security plan and to create an outline. Your outline should indicate one or more general security solutions......

Words: 349 - Pages: 2

Multi Layered Security Plan

...Poppa Smurf IT255 Friday, 6pm Mrs.Creighton 7/12/13 Multi-Layered Security Plan When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. The seven domains are user domain, workstation domain, LAN domain, LAN to WAN domain, WAN domain, and remote access domain. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Easiness of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. In the workstation domain, we need to make sure that each of the workstations, whether desktop or laptop, has to have antivirus and malware protection installed on them. Express strict access control polices and standards. And mandate annual security awareness training for all employees For the LAN domain, Make sure wiring closets, data centers, and computer room are secure. Use a WLAN network keys that require a password for wireless access. And implement encryption between workstation and WAP to maintain confidentiality. In the LAN-to-WAN domain,......

Words: 386 - Pages: 2

Multi-Layered Security

...Multi Layered Security Plan Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s......

Words: 302 - Pages: 2

Multi-Layered Security Plan

...NT2580 Introduction to information security | 7 Domain of IT Infrastructure Security Plan | Project Part 1 | | | [Pick the date] | As described by Tipton and Henry, information security management establishes the foundation for a comprehensive security program to ensure the protection of an organization's information assets. Security management encompasses the administrative, technical, and physical controls necessary to adequately protect the confidentiality, integrity, and availability of the information assets in the IT Infrastructure. Each one of the domain of the typical IT Infrastructure needs a proper security controls to ensure the confidentiality, integrity, and availability (CIA Triad). The following are the overview of the seven Domains: User Domain This is the domain of users that access systems, application, and data. It is the information asset of the organization that will be available to a rightful user by authenticating the user by the acceptable use policy (AUP). It is also define that the user is the weakest link in an IT infrastructure, but by educating user of the sensitivity of the IT infrastructure in the security awareness, security control shall be enforced. Security control to this domain can also be enforced by defining and implement the user policy of the IT infrastructure. Workstation Domain This is the domain where users first connect to the IT infrastructure. Because of numerous threats, it is necessary to......

Words: 889 - Pages: 4

Multi-Layered Security Plan

...Earlier today, I was instructed to create a general purpose outline for our company’s multi-layered security plan. There are seven (7) domains in a typical IT infrastructure: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and System/Application Domain. Each domain has their own unique risks, threats, and vulnerabilities that need to be mitigated in order to ensure our company’s security. In the User Domain the first thing that should be done is create an acceptable use policy (AUP). An AUP defines what users are allowed to do with organization-owned IT assets. Violation of the terms defined in the AUP can be grounds for dismissal. We will require staff and other 3rd parties to sign a confidentiality agreement to keep private data confidential. In addition to signing a confidentiality agreement, some positions may require criminal background checks to help ensure security. Here at Richman Investments we need to conduct security awareness training, insert reminders in banner greetings, and send email reminders to employees with security related tips. Disabling internal CD drives and USB ports will help keep employees from accessing personal photos, music, and videos at work. Also enabling automatic virus scans for email attachments and all new files that reach the workstation. The Workstation Domain is where most users connect to the IT infrastructure. A Workstation can include a computer, smartphone or any other device......

Words: 807 - Pages: 4

Multi-Layered Security Plan for Richman Investments

... David Girten Jr 05 Aug 2013 Multi-Layered Security Plan for Richman Investments User Domain: Main concern at this domain is lack of user knowledge on what different attacks look like and proper response protocols. Here are a few solutions: A) Training: send emails on security best practices; alerts on common and new attack vectors; hold company-wide training segmented throughout the day; place Infosec, Opsec posters and incident response procedures in every space B) Auditing of user activity: Setup a script to run on the proxy server utilizing a dirty word list to search user internet usage Workstation Domain: Main concern here is unauthorized access and out-of-date anti-virus software. Here are some solutions: A) Anti-virus/Anti-malware: Keep up-to-date with latest patches from vendor websites B) Passwords; Technical Controls: Enable password policies through GPO’s and screen-saver passwords for extra access protection LAN Domain: Main concern here is physical access to network assets. Here are some solutions: A) Securing high-priority systems: Establish access lists; combo/cipher locks for server and switch rooms; also have a sign-in sheet for contractors and tech-reps working on-site B) Implement Kerberos as another secure means of identifying users over a non-secure network LAN to WAN Domain: Main concern here is the attempt for attackers to scan the network. Here are some solutions: A) Install IDS/IPS on the network to monitor and combat network anomalies;......

Words: 390 - Pages: 2

Nt2580 Project 1 Multi Layered Security Plan

...Nt2580 Project 1 Multi Layered Security Plan Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices. When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. Project Part 1 Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies b....

Words: 489 - Pages: 2

Multi-Layered Security Outline Plan

...INVESTMENTAND CONSULTING FIRM Multi-Layered Security Outline Plan IT Infrastructure Security Daniel Satterfield 7/1/2014 Identification of Risks, Threats, and Vulnerabilities along with proposed Security measures and controls   MULTI-LAYER SECURITY PLAN (OUTLINE) FOR RICHMAN INVESTMEN The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments, will provide a sound security plan for the firms most important mission critical assets, identifying and reducing vulnerabilities, Risks and threats to the firms confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. The FFIEC now has mandated financial institutions mitigate online threats by intergrading endpoint encryption pushing it out to all users in a non pre-boot fashion then using the console to migrate users to pre-boot encryption which would provide immediate protection and increased visibility and control of our overall risk posture. First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains that make-up the firms IT infrastructure. Secondly, proposed security measures and......

Words: 751 - Pages: 4

Multi Layered Security Plan

...Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies b. Auditing of user activity 3) Workstation Domain a. The usage of antivirus and anti malware programs on each user computer b. Strict access privileges to corporate data c. Deactivation of media ports 4) LAN Domain a. Utilizing network switches b. WPA 2 encryption to wireless access points c. Securing server rooms from unauthorized access 5) LAN to WAN Domain a. Closing off unused ports via a firewall to reduce the chance of unwanted network access b. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent c. Run all networking hardware with up to date security patches, and operating systems 6) WAN Domain a. Enforce encryption, and VPN tunneling for remote connections b. Configure routers, and network firewalls to block Ping requests to reduce chance of Denial of Service attacks c. Enforce anti virus scanning of email attachments i. Isolate found malicious software (virus, Trojans, etc.) when found ...

Words: 298 - Pages: 2

Project Part 1 Multilayered Security Plan

...Project Part 1 As of today, millions of threats have become reality in today’s technological world. In order to prevent our network from become one of millions affected, steps to secure all seven domains have to be implemented. The OSI Model consists of these seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical layer. Most frequent attacks start of in the Application layer, and that’s only because it is the layer most of us are familiar with. This layer deals with the user. In order to prevent an attack on this layer security measures need to be set. For example, anti-viruses can scan systems for unwanted malicious programs from contaminating the system by scanning files and drives as well as program that could be potentially downloaded either by accident or on purpose. Policies can also be provided to employees stating that they are only allowed to do certain things on company systems. Once the employee has signed such policy, if they ever violate it, they can be reprimanded or terminated, depending on the severity of their actions. In the Presentation Layer, data is encrypted. In order to protect this layer, a complex for of encryption should take effect. Encryption such as AES could be implemented in order to avoid data from being decrypted easily. The Session Layer deals with communication between hosts. We can protect this layer by using encrypted VPN’s as well as secured connections. The Transport Layer and the......

Words: 472 - Pages: 2

Discuss The Roles Of Nature And Nurture With Regard To The Interpretation And Evaluation Of Sensory Data | good communication - 673 Words | Suburgatory streaming