The marketing department is crucial to the operation of the business. Therefore, computers in the marketing department will be secured through the deployment of anti-malware programs, intrusion detection and prevention systems, firewalls and security policies. Access policies will be tailor-made to control who uses the computers. The sales force comprises the sales department personnel. Because these users are telecommuting most of the time, their computers and laptops must be secured. External users will be authenticated before they are allowed to connect to company resources. The administrator will check the external laptops issued to the sales force to confirm that they carry company-approved patches and antivirus. As part of the configuration, the administrator will determine the public-facing IP addresses of the server or its Fully Qualified Domain Name. All mobile telecommuters will be registered and allowed direct access through the DirectAccess settings in the Group Policy Object. In case of theft, the personal computers will not be useful because they require authentication privileges held only by the certified user.
The organization is recommended to set up a VPN to support both internal and external users. Intranet-based VPNs connect the organization's various locations with the headquarters; this connectivity is essential for file and application sharing, and IPsec is most commonly used to build such networks. For remote connections, telecommuters access the organization's pool of resources over a local internet connection: the remote user dials up a local internet connection, which then initiates a secure IPsec-based VPN connection to the organization.
Workstations within the building and the server will be secured by a host-based intrusion detection and prevention system. Host intrusion detection systems are security methods used in computer and network management. In HIDS, anti-threat applications such as spyware-detection programs, antivirus software and firewalls are installed on every computer on the network. This is applicable in two-way access platforms such as the internet; the system gathers information from various sources and analyses it to identify possible areas of attack. HIDS is therefore suitable for business-critical hosts and servers in a DMZ, which are compromised more frequently. Demilitarized zones add an additional layer of security to the organization's network because an attacker can only reach the external-facing components of the network instead of the whole network. Data in the external-facing layer requires the lowest level of security, while data on the inside requires first-priority protection. Thus, a DMZ is worth implementing.
The data in the company's databases is crucial for continued business operations and must be protected. Different types of users have access to this data: the sales force, administrators and managers will access information at different levels. The sales force will be granted access to associated functions such as updating the sales tables, but they will be denied editing or deleting user information. Administrators will have the overall duty of creating accounts for each user and updating their details. Managers will oversee the sales department's operations, targets and related functions, so their access rights are higher than those of the sales team.
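As an added example (not part of the original report), the following Python sketch implements the access levels just described as a deny-by-default check: every action a role may take on a table must be granted explicitly, and anything not listed is refused, so the sales force can update sales data but cannot edit or delete user records. The role names, table names and action vocabulary are assumptions chosen for illustration; the `grant_statements` helper renders the same matrix as generic SQL GRANT lines for applying it in a database.

```python
# Added example, not code from the original report. Role names, table names
# and the action vocabulary below are assumptions chosen for illustration.

# Explicit grants: (role, table) -> actions. Anything absent is denied, so the
# sales force can update the sales table but cannot edit or delete user records.
ALLOW = {
    ("sales",   "sales"):   {"select", "insert", "update"},
    ("sales",   "users"):   {"select"},           # look up only, never edit/delete
    ("manager", "sales"):   {"select", "insert", "update", "delete"},
    ("manager", "targets"): {"select", "insert", "update", "delete"},
    ("manager", "users"):   {"select"},
    ("admin",   "users"):   {"select", "insert", "update", "delete"},
}


def is_allowed(role, table, action):
    """True only when the role holds an explicit grant for the action (deny by default)."""
    return action.lower() in ALLOW.get((role.lower(), table.lower()), set())


def check(role, table, action):
    """Gate used by application code before issuing a query; refuses anything ungranted."""
    if not is_allowed(role, table, action):
        raise PermissionError(f"role '{role}' may not {action.upper()} on '{table}'")
    return True


def grant_statements(role):
    """Render the role's grants as generic SQL GRANT lines (PostgreSQL-style syntax)."""
    return [
        f"GRANT {', '.join(sorted(a.upper() for a in actions))} ON {table} TO {role};"
        for (r, table), actions in sorted(ALLOW.items())
        if r == role
    ]


if __name__ == "__main__":
    print(check("sales", "sales", "update"))            # True
    try:
        check("sales", "users", "delete")
    except PermissionError as exc:
        print(exc)                                      # refused, as the policy requires
    print("\n".join(grant_statements("sales")))
```

The point of the deny-by-default shape is that forgetting to list a permission fails closed: a new table or a new action is unreachable until someone deliberately grants it, which is the least-privilege behaviour the access levels above describe.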
OS hardening is done to eliminate all possible threats. For server hardening, guest accounts are disabled and administrator accounts are changed regularly. In the same way, unneeded services should be turned off to protect the network from possible attacks. On Cisco routers, the following services can be disabled: the TCP and UDP small servers, IP source routing (no ip source-route), the finger protocol, and identd (no ip identd).
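To make the router-hardening step checkable rather than a one-off, the following added Python script (not from the original report) audits a Cisco IOS running-config dump for the services listed above and prints the disabling command for any that are not explicitly turned off. The sample configuration is constructed; the service names and `no ...` commands are the standard IOS forms (`no ip finger` on current releases, `no service finger` on older ones). Because IOS omits default settings from the running-config, a service with neither an enable nor a disable line is reported as "default" so the administrator verifies it on the device.

```python
import re

# Added example, not from the original report. A read-only audit of a Cisco IOS
# running-config dump for the services the text says should be disabled. The
# sample config is constructed; the commands are the standard IOS forms.
SERVICES = [
    # (name, regex matching the line that enables it, command that disables it)
    ("TCP small servers", r"^service tcp-small-servers\b", "no service tcp-small-servers"),
    ("UDP small servers", r"^service udp-small-servers\b", "no service udp-small-servers"),
    ("IP source routing", r"^ip source-route\b",            "no ip source-route"),
    ("finger",            r"^(?:ip|service) finger\b",      "no ip finger"),
    ("identd",            r"^ip identd\b",                  "no ip identd"),
]

SAMPLE_CONFIG = """\
! constructed sample, not taken from any real device
hostname edge-router
service tcp-small-servers
no service udp-small-servers
ip finger
no ip identd
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""


def audit_config(config_text):
    """Return {service: (state, fix)} where state is 'enabled' (enable line
    present), 'disabled' (explicit 'no ...' line present) or 'default'
    (neither line shown; IOS omits default settings, so verify on the box)."""
    lines = [line.strip() for line in config_text.splitlines()]
    report = {}
    for name, enable_re, fix in SERVICES:
        disable_re = "^no " + enable_re[1:]   # same pattern with a 'no ' prefix
        if any(re.match(disable_re, line) for line in lines):
            state = "disabled"
        elif any(re.match(enable_re, line) for line in lines):
            state = "enabled"
        else:
            state = "default"
        report[name] = (state, fix)
    return report


def remediation(config_text):
    """Commands still needed to reach the 'all disabled' state the text calls for."""
    return [fix for state, fix in audit_config(config_text).values() if state != "disabled"]


if __name__ == "__main__":
    for name, (state, fix) in audit_config(SAMPLE_CONFIG).items():
        print(f"{name:18} {state:9} {'' if state == 'disabled' else fix}")
```

Run against a saved `show running-config` output, the script gives the administrator a short remediation list and, more importantly, a repeatable check that can be re-run after every change window.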
The implementation of these security features is expected to take four months. First, the company will set up a VPN to accommodate telecommuting users; this will take a month. Second, host-based intrusion detection and prevention systems will be installed on all workstations, proceeding one department after another; this is expected to take approximately one month to complete. Finally, the systems will be tested to determine their effectiveness; the testing process will take two weeks.
Testing will determine the effectiveness of the systems put in place. Remote access will be tested by presenting wrong credentials to determine whether access and authentication are granted; if access is denied, the system is effective. Likewise, network traffic to the internal workstations and servers will be tested. This process will use known malware to attempt to intrude into the system; if the attack is unsuccessful, the system will be considered up to date in terms of security.
Event logging helps in tracking the events that have taken place in a given piece of software. One mechanism that will be used is the Windows NT event log, which will enable logging in the departments. The events that need to be logged include the errors that occurred and the triggers that fired in the system. The people who logged into the system also need to be captured, and all changes to the database should be captured in the data logs. It is also important to capture the errors encountered while using the systems, since these will help in handling and solving the problems met in the system. Events should be logged every time changes take place, and the changes can be saved daily. This will give all the details that are required, and the daily routine will also keep the data logs readable.
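The following added Python example (not from the original report) shows what the daily routine described above looks like once the events are collected: it parses a small constructed log, produces the per-day digest, lists every database change with the user who made it, and flags any user whose failed logons on one day reach a threshold. The line format ("timestamp category user source detail") and the category names are assumptions; a Windows Security log would carry the same information under its own event IDs.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Added example, not from the original report. The log format below is an
# assumption: one event per line as "<UTC timestamp> <category> <user> <source>
# <detail...>", with categories for the event types the text wants captured.
# All lines are constructed sample data.
SAMPLE_LOG = """\
2024-05-06T08:02:11Z LOGON alice workstation-12 interactive logon succeeded
2024-05-06T08:05:40Z LOGON_FAIL bob workstation-07 bad password
2024-05-06T08:05:52Z LOGON_FAIL bob workstation-07 bad password
2024-05-06T08:06:03Z LOGON_FAIL bob workstation-07 bad password
2024-05-06T09:10:00Z DB_CHANGE alice sales UPDATE sales SET qty=12 WHERE id=40
2024-05-06T11:45:13Z ERROR svc-backup server-01 disk quota exceeded
2024-05-07T07:58:30Z LOGON bob workstation-07 interactive logon succeeded
2024-05-07T10:15:02Z DB_CHANGE admin users INSERT INTO users (name) VALUES ('carol')
"""


def parse_event(line):
    """Split one log line into its fields; the detail may contain spaces."""
    timestamp, category, user, source, detail = line.split(" ", 4)
    when = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ")
    return {"day": when.date().isoformat(), "time": when, "category": category,
            "user": user, "source": source, "detail": detail}


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def daily_summary(text):
    """Per-day counts of each category: the daily digest the text asks to save."""
    summary = defaultdict(Counter)
    for ev in parse_log(text):
        summary[ev["day"]][ev["category"]] += 1
    return {day: dict(counts) for day, counts in summary.items()}


def failed_logon_alerts(text, threshold=3):
    """Users whose failed logons on one day reach the threshold: {(day, user): count}."""
    failures = Counter((ev["day"], ev["user"]) for ev in parse_log(text)
                       if ev["category"] == "LOGON_FAIL")
    return {key: n for key, n in failures.items() if n >= threshold}


def db_changes(text):
    """Every database change with who made it, so the data log is auditable."""
    return [(ev["day"], ev["user"], ev["detail"]) for ev in parse_log(text)
            if ev["category"] == "DB_CHANGE"]


if __name__ == "__main__":
    for day, counts in sorted(daily_summary(SAMPLE_LOG).items()):
        print(day, counts)
    print("alerts:", failed_logon_alerts(SAMPLE_LOG))
    for change in db_changes(SAMPLE_LOG):
        print("db change:", change)
```

The threshold is deliberately a parameter: what counts as suspicious depends on the department's normal failure rate, and the daily digest is the place to tune it.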
Antivirus product recommendation
There is a need for an anti-virus product to be used across the entire organization. This will protect the computers from attacks and viruses that innocent users might pick up while surfing the internet. I would recommend a Kaspersky product as the antivirus for the organisation. The reason I chose it is that it is easy to update from the servers: the anti-virus will get its updates from the server, which means that users will not be tasked with updating the antivirus. The antivirus also receives patches frequently.
One mechanism that can be set up to monitor security alerts on the server is to have security gateways send alerts for different events. The security gateway will then send the alerts from the server to the SmartView Monitor client belonging to the system administrator. This is an effective mechanism because the system administrator does not have to check the server manually.
There are moments when the system administrator is required to check the alert log manually rather than relying on automated logs. This is when there is a pattern that the administrator needs to confirm; the pattern can be broken and new insights learnt. There are also situations where the administrator wants to know whether the automated alerting process has been compromised. The logging system itself could be compromised, and this needs to be checked. Manual checking of the security logs is therefore important and should be undertaken by system administrators from time to time.
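One way to give the manual check described above something objective to verify is to hash-chain the alert log, so that an edited, removed or reordered record breaks every digest after it. The Python below is an added example, not the report's or any vendor's code: it chains a few constructed gateway alert records and shows that `verify_chain` pinpoints the first record that no longer matches. The seed value and the record text are assumptions.

```python
import hashlib

# Added example, not from the original report. Each log record carries a digest
# over itself and the previous record's digest, so editing, removing or
# reordering records breaks the chain. The records and seed are constructed.
SEED = "constructed-seed-stored-off-box"


def _link(prev_digest, record):
    """Digest that binds a record to everything logged before it."""
    return hashlib.sha256(f"{prev_digest}\n{record}".encode()).hexdigest()


def chain_records(records, seed=SEED):
    """Return [(record, digest), ...] with each digest covering the previous one."""
    prev, chained = seed, []
    for record in records:
        prev = _link(prev, record)
        chained.append((record, prev))
    return chained


def verify_chain(chained, seed=SEED):
    """Index of the first record whose digest does not match, or -1 if intact."""
    prev = seed
    for index, (record, digest) in enumerate(chained):
        if _link(prev, record) != digest:
            return index
        prev = digest
    return -1


# Constructed alert records of the kind a security gateway would forward.
ALERT_LOG = [
    "2024-05-06T08:05:40Z gateway alert: failed logon bob workstation-07",
    "2024-05-06T09:10:00Z gateway alert: policy install by admin",
    "2024-05-06T11:45:13Z gateway alert: antivirus signature update ok",
]

if __name__ == "__main__":
    chained = chain_records(ALERT_LOG)
    print("intact:", verify_chain(chained))                       # -1

    tampered = list(chained)                                      # record edited in place
    tampered[1] = (tampered[1][0].replace("admin", "bob"), tampered[1][1])
    print("edited record detected at:", verify_chain(tampered))   # 1

    missing = chained[:1] + chained[2:]                           # record deleted
    print("deleted record detected at:", verify_chain(missing))   # 1
```

The chain is only as trustworthy as the place the latest digest is kept: if the logging host can rewrite both the records and the digests, an intruder on that host can simply re-chain them, so the administrator's manual check should compare the head digest against a copy held off the host (on the SmartView Monitor client or another system the gateway cannot write to).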
Timeline recommendation process
The recommended timeline for the implementation is one week, because the system and its configuration need to be tested. Purchasing the anti-virus will take a day, and the rest of the time will go to configuring the antivirus on the server. The implementation and testing of the antivirus on the server will take 3 days, because appropriate testing needs to be undertaken.
The systems will need to be tested so that there is assurance that the security of the system is working optimally. The working of the antivirus will need to be tested, and its updates checked. The administrator will visit suspicious sites and check whether the antivirus responds to these sites and to the security threats they pose to the network.
There will also be a need to test the system to check whether the administrator has absolute rights. An ordinary user's username will be tried to check that the system rejects that name.