Mitigating risk to an IT infrastructure

Anonymous

Question Description

High-level Overview PowerPoint Presentation

For this presentation, provide a high-level overview of the procedures you implemented to improve Network Access Control and the newly mapped access controls. Also create a security checklist that can be used to conduct annual access control audits. Finally, make recommendations for three websites that include security RSS feeds to keep the company abreast of possible future security issues/exploits.

Create a PowerPoint presentation that includes a high-level overview according to the following criteria:

    1. Summarize the access controls implemented at LOTR. Please provide a brief rationale for each of the recommended and implemented controls.
    2. Create a security checklist that can be used to conduct annual access control audits.
    3. Recommend three security websites with the ability to set up a corporate RSS feed. Explain why you selected these three sites. (Note: Please use three quality resources for this last step. Wikipedia and similar websites do not qualify as quality resources.)

Your assignment must follow these formatting requirements:

  • For PowerPoint submissions: Your PowerPoint presentation must be submitted as a functional, valid .PPT file. Include a title slide containing the title of the assignment, your name, the professor’s name, the course title, and the date.

The specific course learning outcomes associated with this assignment are:

  • Examine methods that mitigate risk to an IT infrastructure with confidentiality, integrity, availability, and access controls.
  • Determine appropriate access controls for information systems within IT infrastructures.


Unformatted Attachment Preview

Running head: NETWORK ACCESS CONTROL (NAC)

Network Access Control (NAC)

Gary Dandridge
CIS560 – Security Access and Control Strategies

NAC Best Practices

According to Krutz and Vines (2010), network access control (NAC) refers to the measures that need to be put in place to regulate access to a given network by users, devices and software. These controls work to protect the network against unauthorized access. It is paramount for the information technology officers working in any organization to be aware of the dangers that may befall the entire organization in the event of a security breach. For that reason, NAC advocates for transparency and accountability in terms of who is supposed to access the network or some part of it, on what kind of device, and from which location. For the security of the network to be assured, there is a need to address network security at endpoints, direct logins and remote access.

Endpoint security poses a big problem to many networks due to negligence in the implementation of access controls. The endpoint devices, including desktops, laptops, scanners, printers and network-connected mobile phones, are the points from which users access the network. When employees of the organization are off the premises and are required to log into the network to perform some task, they may end up accessing the network from devices without the latest OS patches, or with an antivirus that is not up to date. Worse still is when they access the network using public Wi-Fi or a cybercafé (Pensak, Cristy & Singles, 2001). To ensure the endpoint security of the network, the system administrator of LOTR should set out a policy that acts as a guide to users, devices and software accessing the network.
The system should come up with a list of authorized hardware and OS versions, authorized antivirus software, firewall, as well as the access point company software to access the system. The system should also possess an inbuilt functionality to scan the device and software for authenticity before allowing access. In the event that malicious software is detected, the system should lock that device out immediately by using its IP address.

Direct login allows a user direct access to the network using any device from wherever they are. After authentication and validation, the user acquires access privileges similar to the ones he enjoys when using a LAN-connected device (Pensak et al., 2001). The NAC best practice in the case of direct login requires the implementation of a gateway device, such as StillSecure's SafeAccess, which intercepts the authentication request sent by the endpoint device and uses cached credentials of the account to check the compliance of the device and software. This validation may include OS version validation, registry settings, as well as firewall availability. NAC also requires high security to be employed in this case, since the caching of credentials creates an additional database.

Remote access, on the other hand, requires the endpoint device to have preinstalled client software or a plug-in, which eliminates the additional requirement for caching credentials found in direct login. The NAC guideline in the case of remote access is that the network should employ a vulnerability scanning technology that queries the client-side agents to check whether the programs needed for protecting the network are running. An example of such technology is the ENDFORCE enterprise, which employs a resident agent to check the applications and operating system of the host as well as file signatures and patches.
In the event that the device fails the checks, it is barred from accessing the network, and automated remediation procedures are provided as advice to the user. These procedures ensure that the client complies with the requirements before being allowed access (Werlinger, Hawkey & Beznosov, 2009).

Enforcing and Monitoring NAC Controls

In order to enforce and monitor the NAC controls, there is a need to implement several mechanisms in the case of the LOTR network. These mechanisms are aimed at ensuring that the system is secure at all times. They also provide ways of ensuring that erroneous validation does not bar authorized devices by mistakenly portraying them as having unauthorized characteristics.

One of the ways that LOTR can comply with the NAC controls is by ensuring that all software is up to date (Fischer-Hübner, 2001). This includes the operating system as well as the antivirus software. Software that is not updated provides a loophole that can be exploited by unscrupulous hackers to compromise the security of the system. For that reason, the system administrator should stay in touch with the software vendor to know when a new version is available or an update to the current software version has been released. The update should be made as soon as the new release is published.

Also, the LOTR system administrator should come up with awareness programs to sensitize the employees to their security responsibilities towards the system. New employees should be educated on basic cyber security to avoid putting the system at risk. This should be done immediately after recruitment, with a review of the same every three months to keep them on their toes regarding current trends in cyber security threats and employee-related concerns (Werlinger et al., 2009). Some of the topics that could be addressed in these forums include the privacy of login details, how to switch on the firewall, how to use antivirus, as well as how to update the operating system.
Equipped with this information, the employees will be in a better position to protect the system from threats that could occur due to negligence.

Additionally, there is a need for regular scanning of the system and endpoint devices to see whether there is malicious software. All end devices should be scanned thoroughly before allowing them to access the network. In the event that malicious software is detected, the device should be blocked from accessing the system.

Potential NAC related issues in LOTR Network Design

Looking at the LOTR network design, several network issues related to NAC are evident. One such issue is the sharing of an interface between different departments. For instance, the elven (sales and marketing) department and the non-elven (IT and help desk) department are sharing views, as indicated in the network diagram. This compromises the confidentiality of the elven department's information, since the non-elven members can still access it.

Additionally, the whole network as shown in the network diagram uses the same subnet protocol. This has the problem of opening all the clients to direct communication, which also poses a security threat to the integrity of information in the network. For instance, due to direct access, the dwarf at the help desk can easily access the customer data meant for the elven department, breaching the accountability of the elven department.

Moreover, the LOTR network does not indicate the different levels of information access. For instance, it does not show the difference in network access between the Elven Lord and the elves. Due to this, some people may have access to information that they do not even need, and could end up misusing it (Werlinger et al., 2009). Similarly, this issue could lead to the Elven Lord being denied access to information meant for him by mistaking him for one of the elves.
The main risk that this type of network poses to the entire system is that of validating who is who and who should access what type of information. In the event that a sales record is tampered with, or customer information is leaked, the network has no mechanism to trace the user behind the breach. To safeguard the system against this problem, there is a need to come up with different user levels based on rank and department. There is also a need to revise the subnet used to make it more specific to protecting the more sensitive information on the network (Saint-Germain, 2005). For instance, the person working at the help desk does not need to access the information in the marketing department.

References

Fischer-Hübner, S. (2001). IT-security and privacy: design and use of privacy-enhancing security mechanisms. Springer-Verlag.

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

Pensak, D. A., Cristy, J. J., & Singles, S. J. (2001). U.S. Patent No. 6,289,450. Washington, DC: U.S. Patent and Trademark Office.

Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC 17799. Information Management Journal-Prairie Village-, 39(4), 60.

Werlinger, R., Hawkey, K., & Beznosov, K. (2009). An integrated view of human, organizational, and technological challenges of IT security management. Information Management & Computer Security, 17(1), 4-19.

Running Head: THE COST OF INADEQUATE CONTROL

The Cost of Inadequate Controls

Gary Dandridge
CIS 560 – Security Access and Control Strategies

The Cost of Inadequate Controls

In the field of technology, new products and advancements emerge every day and become more sophisticated and advanced.
As these technologies advance, threats to their security advance as well, due to the continual rise of malicious personnel and programs worldwide. This calls for a dedicated and experienced team of security analysts and administrators that will intercept threats beforehand and quickly come up with efficient ways to counteract these threats, in terms of cost, precision, and the overall integrity of the system.

Profit and Loss Statement

2018 Profit and Loss Statement, Lord of the Rings Experience
Net Income: -$987,132

| | JAN | FEB | MAR | APR | MAY | JUN | JUL | AUG | SEP | OCT | NOV | DEC | YTD |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Income From Operations | ($23,075) | ($29,211) | ($32,982) | ($62,091) | ($72,747) | ($139,575) | ($140,024) | ($162,482) | ($85,157) | ($76,713) | ($78,400) | ($64,560) | ($967,018) |
| Interest Income (Expense) | ($100) | ($105) | ($110) | ($116) | ($122) | ($128) | ($134) | | | | | | ($814) |
| Income Before Income Taxes | ($23,175) | ($29,316) | ($33,093) | ($62,207) | ($72,869) | ($139,703) | ($140,158) | ($162,482) | ($85,157) | ($76,713) | ($78,400) | ($64,560) | ($967,832) |
| Income Tax Expense | $2,400 | $2,500 | $2,600 | $2,700 | $2,900 | $3,000 | $3,200 | | | | | | $19,300 |
| Net Income | ($25,575) | ($31,816) | ($35,693) | ($64,907) | ($75,769) | ($142,703) | ($143,358) | ($162,482) | ($85,157) | ($76,713) | ($78,400) | ($64,560) | ($987,132) |

The Lord of The Rings experience access control security measures

The LOTR experience is a networked model of a journey, based on the journey of Frodo to cast the evil ring into Mt. Doom, so as to forever kill the power of the dark lord Sauron. It is meant to give guests a real-life 3-month experience. The architecture involves a central cloud server that connects two networked main offices, Graymouth and Duendlin, from which all the networked services are rendered, and which are also the departure and destination places respectively.
The services rendered in the structure of the LOTR experience are sales and marketing (by the Elves) and IT services, headed by the Vice President Framir, which include IT by a nobleman, SQL and Webserver by Hobbits, and customer care by Dwarfs. The guests' journey to Duendlin is to be made more real by evil Sauron.

Should the LOTR Experience management cut security costs as proposed (cutting the IT budget, eliminating a dedicated database security control, and going without a NAC router), the LOTR experience will suffer detrimental consequences, as there will be several vulnerable areas exposed to hackers, who may interfere with the guests' journey, or even their lives after the three-month journey, since the guests' information will be available to the hackers.

The annual loss of revenue

Should access control measures be compromised, the LOTR Experience will suffer a loss of revenue. Since each journey takes three months, the annual revenue will be calculated quarterly.

Areas of concern

Each department is to be able to access and perform explicitly only the roles intended for it. The database manager, through the implementation of Active Directory Domain Services and query-level access control, should initiate a session for each member of the overall database, covering guest and staff logins and privileges. The database software, MSSQL, should have the latest software update, so as to have the latest firewall definitions.

Potential risks

Should the LOTR Experience company lack a dedicated database security specialist, the database, as well as the general site, will be under huge risk, due to a lack of adequate measures to handle threats.

SQL injection may be one of the main threats the company will face. This is the illegal insertion of unauthorized control statements into the database through a weak channel. Depending on the intent of the hacker, he may gain access to the entire database.
SQL injection can be prevented by dynamic profiling, based on query-level access, which can be best controlled by a security analyst. Query-level access creates profiles for each user, as well as application patterns. Any anomaly in the pattern is identified immediately.

Database platform vulnerabilities. These are vulnerabilities found in the database's operating system. They can be introduced into the system by the installation of unauthorized and malicious services that carry trojan threats within them. A security analyst knows the required software for every task in the database, as well as its legitimate sources, and hence will get only software that is approved and safe for the company.

Weak audit trail. An audit trail is an automated recording of all sensitive processes taking place in the organization. A security analyst is adept in audit trails that include regulatory risk (to see that all the company's strategies are on par with the government's set standards), deterrence (for example, using video cameras to record all those entering the LOTR premises), and detection and recovery of the system, should there be an attack. The absence of a security analyst will result in failure to cover any of the above threats.

Denial of service. Perhaps this is the objective of very many malicious hackers, in exchange for ransom from the companies. This is the denial of access to services for the users of the website. After successful access and control of the system, the hacker can initiate DoS attacks, such as: logging out guests and denying them session logins (which can apply to all other staff), overloading the server memory with redundant processes so that no space is left for everyday tasks, or even bringing the whole server down.
It is therefore imperative to have a dedicated security analyst to see to it that all these threats are identified, avoided and prevented beforehand; and should any threat manage to penetrate and affect any part of the system, it is done away with, and LOTR recovers to its daily functioning.

The Network Admission Control router

The NAC router is a form of network access control that limits access to networks by identity, so that only positively identified devices access the relevant resources over a network. The NAC method includes receiving data signals from one endpoint device, identifying the most relevant NAC protocol for it, implementing the protocol at the network access end of the device, and forwarding the network access. Traffic is classically directed to the device using Virtual Local Area Networks (VLANs) (Yadav et al., 2015).

NAC routers are to be used in the LOTR network system so that network administrators can authenticate, authorize and facilitate wireless and wired users, as well as their machines, before allowing them into the network. This is important in the network, more so given the use of the LOTR system by guests. Cookies will be able to be stored in the users' browsers for easier navigation and selection of items on the LOTR site. Should the NAC service be lacking, anyone with any device will be able to access the system, giving hackers more chances to get others' sensitive information.

The NAC vendors include Cisco® Inc., which is the maker of the product. It provides all-round information about the uses of the system, as well as its system requirements and how to use the product. CNET is an online tech products reviewer. It gives the detailed specifications of the CommWorks Total Control 1000 Access Router NAC at their specs website.
Conclusion

It is imperative for a business that uses networked resources to have security analysts, chiefly because those personnel will be able to combat the ever-rising threats, which occur frequently, as well as maintain the integrity of the company. This is profitable for any business, for it will increase its trustworthiness and maintain a good customer hold in the market. The LOTR Experience should maintain its security budget, so as to allow periodic updates of its security systems, and retain its security analyst so that the whole framework is immune to malicious hackers and programs.

References

Shulman, A., & Co-founder, C. T. O. (2006). Top ten database security threats. How to Mitigate the Most Significant Database Vulnerabilities.

Yadav, N., Mahamuni, A., Ozakil, A., Akyol, B. A., Feng, P., Enderwick, T. J., ... & Valliappan, S. (2015). U.S. Patent No. 9,071,611. Washington, DC: U.S. Patent and Trademark Office.

Pearce, M., Zeadally, S., & Hunt, R. (2013). Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2), 17.

Cisco Systems, Inc. (2012). Getting Started with Cisco NAC Network Modules in Cisco Access Routers. Retrieved from https://www.cisco.com/c/en/us/products/interfaces-modules/nacnetwork-module-integrated-services-routers-isr/index.html https://www.cisco.com/c/en/us/td/docs/security/nac/appliance/installation_guide/netmodule/nacnmgsg.html

CNET. 3Com CommWorks Total Control 1000 Access Router NAC - router - plug-in module. Retrieved from https://www.cnet.com/products/3com-commworks-total-control-1000access-router-nac-router-plug-in-module/specs/

...
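The endpoint checks described under "NAC Best Practices" (authorized OS version, approved antivirus, firewall, malware scan, remediation advice on failure) can be expressed as a small posture evaluator. This is an added Python example, not part of the attached paper; the policy values, product names and device records are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed policy: placeholder values, not LOTR's real authorized list.
POLICY = {
    "min_os_version": {"windows": (10, 0, 19045), "macos": (14, 0, 0)},
    "approved_antivirus": {"ExampleAV", "SampleShield"},
    "max_signature_age_days": 7,
}

@dataclass
class Endpoint:
    device_id: str
    os_family: str
    os_version: Tuple[int, ...]
    antivirus: Optional[str]
    signature_age_days: int
    firewall_enabled: bool
    malware_detected: bool = False

@dataclass
class Decision:
    action: str  # "allow", "remediate" (barred until fixed) or "block"
    steps: List[str] = field(default_factory=list)

def evaluate(ep: Endpoint, policy: dict = POLICY) -> Decision:
    """Return the admission decision and the remediation advice for one device."""
    # A positive malware scan locks the device out regardless of other checks.
    if ep.malware_detected:
        return Decision("block", ["Malware detected: device locked out pending cleanup"])
    steps = []
    minimum = policy["min_os_version"].get(ep.os_family)
    if minimum is None:
        steps.append(f"OS family '{ep.os_family}' is not on the authorized list")
    elif ep.os_version < minimum:
        steps.append("Install OS updates to reach " + ".".join(map(str, minimum)))
    if ep.antivirus not in policy["approved_antivirus"]:
        steps.append("Install an approved antivirus product")
    elif ep.signature_age_days > policy["max_signature_age_days"]:
        steps.append("Update antivirus signatures")
    if not ep.firewall_enabled:
        steps.append("Enable the host firewall")
    # Any failed check bars access and hands the user the fix list.
    return Decision("remediate", steps) if steps else Decision("allow")

# Constructed sample devices.
COMPLIANT = Endpoint("LT-001", "windows", (10, 0, 19045), "ExampleAV", 2, True)
STALE = Endpoint("LT-002", "windows", (10, 0, 19041), "ExampleAV", 30, False)
INFECTED = Endpoint("LT-003", "macos", (14, 2, 0), "SampleShield", 1, True, True)
UNLISTED = Endpoint("KIOSK-9", "linux", (6, 1, 0), None, 0, True)

if __name__ == "__main__":
    for ep in (COMPLIANT, STALE, INFECTED, UNLISTED):
        d = evaluate(ep)
        print(ep.device_id, d.action, d.steps)
```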
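The "dynamic profiling" of query-level access described under "Potential risks" can be sketched as follows: learn the query shapes each account normally issues, then flag any statement whose shape is new for that account. This is an added Python example, not part of the attached paper; the account names, table names and log entries are constructed, and the literal-stripping rules are a simplification.

```python
import re
from collections import defaultdict

_STRING = re.compile(r"'(?:[^']|'')*'")       # quoted literals, '' escapes included
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")    # bare numeric literals

def fingerprint(sql):
    """Reduce a statement to its structure by replacing literals with '?'."""
    shape = _STRING.sub("?", sql)
    shape = _NUMBER.sub("?", shape)
    return " ".join(shape.lower().split())

def build_profiles(baseline):
    """Map each account to the set of query shapes seen during the baseline."""
    profiles = defaultdict(set)
    for user, sql in baseline:
        profiles[user].add(fingerprint(sql))
    return dict(profiles)

def find_anomalies(profiles, events):
    """Return (user, sql, reason) for every statement outside the user's profile."""
    findings = []
    for user, sql in events:
        known = profiles.get(user)
        if known is None:
            findings.append((user, sql, "no profile for this account"))
        elif fingerprint(sql) not in known:
            findings.append((user, sql, "query shape not seen in baseline"))
    return findings

# Constructed baseline of normal activity per account.
BASELINE = [
    ("web_app", "SELECT name, email FROM guests WHERE booking_id = 1042"),
    ("web_app", "UPDATE guests SET email = 'a@example.test' WHERE booking_id = 7"),
    ("helpdesk", "SELECT status FROM tickets WHERE ticket_id = 55"),
]

# Constructed events to score against the profiles.
EVENTS = [
    ("web_app", "SELECT name, email FROM guests WHERE booking_id = 3001"),
    # Extra predicate changes the statement's structure, so it is flagged.
    ("web_app", "SELECT name, email FROM guests WHERE booking_id = 3001 OR 1=1"),
    # Help desk account reading guest data it never reads in the baseline.
    ("helpdesk", "SELECT name, email FROM guests WHERE booking_id = 1042"),
    # Same shape as the baseline despite case and spacing differences.
    ("web_app", "select name, email  from guests where booking_id = 9"),
]

if __name__ == "__main__":
    for user, sql, reason in find_anomalies(build_profiles(BASELINE), EVENTS):
        print(f"{user}: {reason}: {sql}")
```

Profiling of this kind is a detective control: it reports a changed query after the application has already built it, so it complements parameterized queries in the application rather than replacing them.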

Tutor Answer

Thomas574
School: UC Berkeley

hello, i'm ...

Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didn't specify. Got a B+ which is believable and acceptable.
