Multi-layered security Plan Essay

Hardw atomic number 18 and packet are key sections of both organizations fundament. Components in each domain of the seven domains of the IT infrastructure whitethorn connect to a interlock or to the earnings, and post be vulnerable to vindictive attacks. Malicious attacks on hardware and packet can also lead to more widespread problems. These problems can include way out of critical data or theft of financial information or intellectual property.Un protected IT and network infrastructure assets can offer attackers and cybercriminals the widest opening to access elegant resources. The ease of access makes assets that are connected to the internet the most(prenominal) common maiden point of attack. That means those assets should be you first line of defense. Technical failure and human error are the most common ca mappings of un learned down judgment of conviction. Malicious attacks can occur and cause downtime in all seven domains of an IT infrastructure, but you are mor e likely to chat them in the User, Workstation, LAN, and WAN domains.Opportunity cost is the amount of money a company losses out-of-pocket to downtime. The downtime can be either intentional or unintentional. Some organizations refer to opportunity cost as consecutive downtime cost. It usually measures the loss of productivity experienced by an organization due to downtime. One of the most important things that information security professionals try to protect is their organizations reputation and brand image. Companies that suffer from security breaches and malicious attacks that expose any assets are likely to face serious disconfirming consequences in the commonplace eye. In the popular usage and in the media, the destination hacker often describes someone who breaks into a computer system without imprimatur. In most cases that means the hacker tries to take control of a remote control computer through a network, or software cracking.The media and the general public also use the word hacker to describe anyone accused of use technology for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or one of many other forms of crime. Protecting an organizations reckoning resources requires that you have some idea what tools your enemy will be using. penetrative how attackers work makes it possible to defend against their attacks. Many organizations use the same tools that attackers use to help identify weaknesses they need to address and it is better to do so before an attacker does. Computer criminals and malicious individuals use a quash of hardware and software tools to help carry out attacks.These tools and techniques include photo scanners, Port scanners, Sniffers, War dialers, and Key loggers. As with most technology requirements, it is unaccepted to cover all of your organizational needs with a single apparatus or program. By the same token, haphazardly bolting together a chassis of unrelated solutions leaves cracks that only get bigger as time goes on. Whats required is a multi-layered, company-wide approach in which integrated products complement and reenforce each other. In multilayered Network intrusion detection Systems (NIDS) is the first take of protection against remote intruders. NIDS monitor all the communications that come in to and stop those that look suspicious.This prevents hackers from overloading your server with Denial of Server (DOS) attacks and scanning your ports for vulnerabilities. attached comes the firewall which only legitimate communications (e.g. email, password certified remote users) are permitted to go through the firewall. This prevents illegitimate users from logging into or using your network. and so comes Email Scanning, while an email is technically an authorized form of communication, it may contain objectionable content (pornography, confidential information, overly large files, etc.).This software scans the contents of the email and rejects th ose that violate your company policies. Internet Security similar to email, a web site is technically an authorized form of communication. thus far only certain web sites and downloads are appropriate for the workplace. This software uses inborn criteria to limit the sites that can be visited, and scans what is downloaded. After that comes Server Level computer virus Scanning which is a strong anti-virus program with up figured signature files checks for viruses on either file that is saved to the server and protects against them. This is particularly important for email servers, such(prenominal)(prenominal) as those running MS Exchange.Workstation Virus Scanning Not every file is saved on the server. Files from a number of sources including those from infected floppy disks or downloaded off the internet are put directly on the local workstation, which therefore requires its own Anti-Virus software. Update Communication Software From time to time, prospective intruders and vi rus writers find vulnerabilities in popular types of communication software, such as Microsoft Outlook. When those holes are discovered software fixes or patches are do to close the vulnerabilities. It is therefore necessary to be diligent about beingness aware of these updates and applying them to the software.THE BEST DEFENSE Attentive Employees and Corporate Policies We can machine many effective technological solutions, but the most essential piece of a secure business is a company of people who determine the various dangers and the role they play in preventing them. One regularly quoted statistic is that 80% of security breaches come from inside the company. Strong security requires strong incorporate policies, clear management dedication, and good employee education about risks. 1) GeneralThis MLS think will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2) User Domaina. The usage of security awareness t raining to instruct employees of Richman Investments security policies b. Auditing of user bodily function3) Workstation Domaina. The usage of antivirus and anti-malware programs on each user computer b. relentless access privileges to corporate datac. Deactivation of media ports4) LAN Domaina. Utilizing network switchesb. WPA 2 encryption to wireless access pointsc. Securing server rooms from unauthorized access5) LAN to WAN Domaina. Closing off unused ports via a firewall to reduce the chance of unwanted network access b. monitoring device inbound IP traffic, more specifically looking for inbound transmissions that face signs of malicious intent c. Run all networking hardware with up to date security patches, and operating systems 6) WAN Domaina. Enforce encryption, and VPN tunneling for remote connections b. assemble routers, and network firewalls to block Ping requests to reduce chance of Denial of expediency attacks c. Enforce anti-virus scanning of email attachmentsi. I solate found malicious software (virus, Trojans, etc.) when found d. Deployment of redundant internet connections to maximize availability 7)Remote rag Domaina. Establish strict user password policies, as well as lockout policies to defend against brute force attacks b. Require the use of authorization tokens, have a real-time lockout procedure if token is lost, or stolen c. enroll the hard drives of company computers, laptops and mobile device to prevent the loss of sensitive data