Description
Portfolio Project (200 Points)
ZXY Corporation has relocated to a new building that was wired and set up for a local area network (LAN). The company implemented a client/server-based network in which all printers, folders, and other resources are shared but everyone has access to everything and there is no security outside of the defaults that were in place when the system was set up.
You have been hired to secure ZXY’s network and ensure that the company has the highest levels of security to protect against internal and external attacks. In an 8-10 page proposal, include the following items to provide a comprehensive secure environment:
- A plan to provide secure access control methods for all user access
- A viable password policy, which includes complexity, duration, and history requirements
- A cryptography method to ensure vital data is encrypted
- A remote access plan to ensure that users who access the network remotely do so in a secure and efficient manner
- A thorough plan to protect the network from malware and various types of malicious attacks
Your proposal should include all of the elements noted above with support, detail, and elaboration for each section explicitly grounded in knowledge from the assigned readings and media along with any outside sources you may choose to bring into your writing.
Your paper should be 8-10 pages in length with document formatting and citations of sources in conformity with CSU-Global Guide to Writing and APA Requirements.
Explanation & Answer
Attached.
Running head: ZXY CORPORATION NETWORK SECURITY
ZXY Corporation network security
Student’s name:
Institutional affiliation:
1
ZXY CORPORATION NETWORK SECURITY
2
ZXY CORPORATION NETWORK SECURITY
1. A plan to provide secure access control methods for all user access
Security access control is a core aspect of every computer system. Security access control
occurs in both physical and software or application security. For the case of ZXY Corporation’s
system, physical security will entail securing the server room to ensure that only authorized
person’s access it. This is a key requirement for the case of ZXY because their systems are
accessible by all staff members. The first physical security mechanism that can help secure the
premises is to install physical security devices in the entrance to the premises and the server
room such that only individuals with a smart card can access the premises or the server room
(Simpson & Antill, 2016). Each user is supposed to be issued with a personal smart card, which
is only used by the person, without sharing it with other individuals. In order to ensure that only
holders of specific smart cards access the premises and the server room, the entrance to these
areas needs to be installed with biometric systems, which uses fingerprints to uniquely identify
each user. This will ensure that the premises and the server room have the highest possible
physical access controls.
In regard to application and system access control, ZXY corporation is supposed to
assign each user specific user identification. This will uniquely identify each user to the system
administrator, enabling for easier control and monitoring of user account activity. Each user will
also be required to have a unique password for accessing the system. This will further control
who accesses an account. Apart from that, permissions and views need to be redefined in the
system. This will entail dividing individuals into groups depending with their departments. As
such, members of one department will be allowed to access specific folders and areas of the
system. This access control model is usually called limited access model, where only specified
ZXY CORPORATION NETWORK SECURITY
3
individuals access certain areas, folders, and resources on the system (Ballad, Ballad & Banks,
2011). In this model, only the system administrator will be granted access to all the resources and
user accounts in the system. This is a core aspect of system access control as it ensures that
delicate and confidential materials and areas of the system are only accessed by authorized
individuals. One example of such implementation is using the Oracle label security ad-on, which
ensures that the database is separated into sections, accessible only by authorized users. Another
core access-control strategy for ZXY firm is logging (Simpson & Antill, 2016). This involves
storing log activity of all accounts, especially when accessing delicate and confidential materials.
The activity log will help the corporation to ensure only authorized individuals access the
system. As such, if unauthorized individuals access files, it will be easy to identify who the user
is, and how they managed to...
Review
Review
