Computer
Network
A good
network allows an organization to oversee and communicate to other units in the
office or other geographical locations. An effective telecommunications network
improves an organization’s consumer relationships and professional partnerships
with innovative solutions (Stallings & Case, 2013). Networks of any size
require similar equipment such as a networking operating system, hubs,
interface cards, and clients. In a wireless local access network (WLAN) clients
have wireless cards or network interface cards to connect to router that
accesses the network within an office and other areas in proximity. Employees
have numerous platforms and devices on which to communicate with other
employees and consumers.
These
devices and platforms create “big data” which organizations store, access, and
transfer to successfully operate. Because many organizations have an increasing
reliance on telecommunications and data storage they seek network solutions and
innovative technology to meet their needs and protect sensitive information. Network
management involves assuring that end-users understand and comply with an
organization’s policies and securing the devices and connections on the
network, to reduce potential security events (Greer, 2021). The following network
security policy addresses the organization’s guidelines that users must adhere
to when accessing the network and the security plan establishes the technical solutions
to create a safe and efficient network.
Network Architecture
The company is a small firm that occupies one building
with one data center. The communication system is centralized with a few
servers located in the data center that all of the network applications run
through. Network security is more
controllable in a centralized model because employees cannot easily make
changes to applications. A centralized communication system is easier to set
and enforce data quality standards and security policies (Stallings & Case,
2013). A centralized system is appropriate for the company’s current operations.
However, the organization’s plan includes growth and additional remote offices.
As the company expands to different geographical locations, the communication
system may change to a distributed system, but the proposed network security
policy is overall applicable to a centralized or distributed communications
system. The company currently uses an Ethernet or LAN (local access network),
but wants its employees to have mobility and the option to work-from home for
certain roles, so the security policy and plan must consider measure for a wireless
WAN (wide access network) or WLAN. The proposed security policy and plan provides
a framework for the network that will allow employees to access the information
and applications required to perform their roles while protecting the network
from internal and external threats.
Network Security Policy
1. Password Management
IT will assign a unique
login ID and default password for employees to access the network, and
necessary applications according to job function. Once the employee is logged
in with the default password, the system will direct the employee to change
their password. The employee should create a strong password following these
guidelines:
·
Password length must be at least eight to
fifteen characters
·
Password must include one uppercase, one
lower case, one number value, and one symbol (i.e. #, !, ?, etc.).
·
Employees should never share passwords nor
keep a written or electronic record of the password to prevent unauthorized
users from accessing the network.
·
Employees must create a unique password that is not used for
any application or system. The password should include different character and
numbers that are not easily guessable (Google, 2013).
2. Acceptable Use Policy
Employees are assigned a
company email address and limited access to the internet. This policy covers internal
and external emails and other forms of electronic communications and internet
usage (Stallings & Case, 2013).
·
An employee’s company email account is
reserved for business-related use, however, employees may use the internet for
reasonable personal use that does not interfere with an employee’s
responsibilities or hinder the organization’s operations (Stallings & Case,
2013).
·
The company prohibits the use of the
internet and email for illegal purposes and this usage must comply with all
other company policies and code of conduct (Stallings & Case, 2013).
·
Employees are prohibited from sharing or
transmitting protected and proprietary information outside the network to an
unauthorized third party.
·
Disciplinary actions for violating this or
other guidelines will be reviewed by the disciplinary action teams and may
range from a verbal or written warning up to immediate termination. (Stallings
& Case, 2013).
·
The organization owns the rights to any
data and information shared across the network.
3. Remote Access Policy
The network is accessible wirelessly through many available
Wi-Fi devices like a cell phone, desktop, laptop, or tablet if the network
allows.
·
Employees may not access the network or
use network devices over unsecured, public wireless internet.
·
Employees must follow the password
creation and protection guidelines.
·
Remote access to the network must be
accessed through the VPN.
·
Home networks must be installed/set up by
an approved internet service providers and accessed only for work-related
purposes.
· Unauthorized distribution of the organization’s property, purposefully or unintentionally, will result in disciplinary action.
Network Security Plan
1. Password Protection
and Unauthorized Users Plan
·
IT will only create log-ins for employees
who require access to specific applications to prevent unauthorized access.
Managers and supervisors may make these access requests.
·
The system will prevent employees from
creating a weak passwords that do not follow the password criteria. Systems
will ask employees to change their passwords every six months.
·
Systems will use two-factor authentication
for remote employees’ logins.
·
IT will immediately inactivate any access
to employees upon termination (Stallings & Case, 2013). Managers must
report termination requests immediately to the CIO.
2. Internal Communications
Plan
Insufficient bandwidth
and heavy traffic can cause performance issues and slow down the network.
Prioritizing traffic through settings and limiting non-essential traffic will
optimize an organization’s bandwidth (Solar Winds Worldwide, 2019). Reducing
non-essential communications can protect the network from potential internal
and external security threats.
·
Install network segmentation software like
SASE (Secure Access Service Edge) that reduces the attack surface of a network
by classifying users by role, location, and end-point identity (Cisco, 2021).
·
Set data loss prevention measures to
prevent uploading, forwarding, and printing protected information (Cisco,
2013).
·
Use a stateful inspection firewall to inspect,
review, and store information regarding port numbers and TCP connections
(Stallings & Case, 2013).
·
Use a packet filtering firewall to block
and reject communications from unknown sources (Stallings & Case, 2013).
·
Use a circuit-level gateway to monitor
communications between two hosts.
·
Install an application-level gateway that
requires a user to log-n before the connection is authorized (Stallings &
Case, 2013).
·
Zone transfers need to be restricted to
only trusted users. Microsoft recommends raising the security level for zone
transfers by changing the server setting to only allow specific IP addresses to
perform zone transfers (2020). This will prevent transfers to unauthorized
users.
·
Use the SSL Handshake Protocol to assign
encryption, MAC, and a key to transmit data safety from the server to the
client (Stallings & Case, 2013).
3. Internet Security Plan
·
Install antivirus and anti-malware
software to network devices to detect and identify viruses before they enter
the network, but also check for abnormalities and any threat can spread by
using behavior-blocking software (Stallings & case, 2013).
·
Host-based intrusion sensors can monitor
host activities for internal and external threats while analyzers determine if
the activities are an intrusion (Stallings & Case, 2013).
·
Install software to internet browsers such
as Netcraft to block and deny access to unauthorized, malicious websites to
prevent phishing and other security threats.
4. Wireless Network,
Mobile Devices, and Remote Access Plan
Wireless networks provide more mobility and
accessibility, but they are more vulnerable to external security attacks than
LANs. With special software, a network adapter, and a strong network signal,
hackers can access unprotected wireless networks in minutes. If a hacker gains
access to a wireless network he can use the address to download illegal
information, send spam, release viruses, and view private network content
(iFelix, 2006). Here are guidelines to prevent and reduce potential threats:
·
Use a WPA2 Router for wireless access.
WPA2 will prevent unauthorized users from eavesdropping or using a network’s
bandwidth (Stallings & Case, 2013).
·
Use packet-switching with data encryption
that transmits communicated information in an encoded packet that is decoded
upon receipt to the intended sender.
·
Install a VPN IPsec to encrypt and
authenticate the connection between the device and network (Cisco, 2013).
·
Set a strong password for the router and
wireless network. The passwords and user ID cannot be the same for both the
router and network.
·
Configure a private network connection
that hides the IP address on the connected
·
Use access control to recognize users and
devices and block unauthorized access (Cisco, 2021).
Successful implementation of the communications will require approval from the entire organization. The organization’s stakeholders, employees, and managerial staff must adopt and adhere to the policies. If the end users do not understand the network guidelines, or understand the importance behind the policies, then the system will remain vulnerable. Of course the correct hardware and software are crucial for network efficiency and safety, but firewalls and malware can only protect the network if used correctly. IT must follow the network security plan and manage the hardware, install software, and adjust network settings appropriately, but the organization and managers must enforce the policies, and enforce disciplinary or corrective actions to maintain system security.
References
Cisco.
(2021). What is network security? https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
Google.
(2013, June 27). Securing your Wi-Fi
network [Video file]. https://youtu.be/_WHynHcXm7c
Greer, R.
(2021, June 7). Week
five – learning outcome (WLOs) [Lecture]. https://ashford.instructure.com/courses/84744/pages/week-5-weekly-lecture
iFelix.
(2006, October 23). Why you should
protect your wireless network with WPA [Video file]. https://youtu.be/A88XB7_Jz7s
Microsoft.
(2020, May 15). Configure all DNS ones
only to allow transfers to specified IP addresses. https://docs.microsoft.com/en-us/services-hub/health/remediation-steps-ad/configure-all-dns-zones-only-to-allow-zone-transfers-to-specified-ip-addresses
Parker,
K., Horowitz, J., & Minkin, R. (2020, December 9). How the coronavirus
outbreak has and hasn’t changed the way Americans work. Pew Research Center. https://www.pewresearch.org/social-trends/2020/12/09/how-the-coronavirus-outbreak-has-and-hasnt-changed-the-way-americans-work/
Solar
Wind Worldwide. (2019, September 19). What is throughput in networking?
Bandwidth explained [Blog]. https://www.dnsstuff.com/network-throughput-bandwidth#what-is-bandwidth-in-networking
Stallings, W.,
& Case, T. (2013). Business data
communications: Infrastructure, networking and security (7th ed.)
[Electronic version]. Upper Saddle River, NJ: Prentice Hall.
No comments:
Post a Comment