Security Policy to stop Sniffing and Man-in-the-middle attack
Man-in-the-middle attack is a type of an attack where a malicious individual inserts himself into conversation between two parties; this actor impersonates the parties and then gains access to transmitted information between the two parties. The MITM allows the malicious actor to intercept, send and receive data not meant to be sent or even sent between the two parties without the knowledge of any party.
So as to help World-Wide Trading Company avoid becoming a victim of Sniffing and Man-in-the-middle attack, the following best practices must be followed:
Implementing a very comprehensive solution for email security which can detect in real time malicious activities. The company should have a security staff that will help in monitoring and monitoring the Man-in-the-middle attacks. The company should also have in place a technology embedded into its security architecture to help in minimizing the risks associated with Man-in-the-middle attack breaches.
Implementing a web security solution which can detect in real time any anomalous and malicious activity. This implementation will provide the company with a visibility to the web traffic generated by the end user community and the system as well at port and protocol layers. World-Wide Trading Company should also have forensic and security intelligence teams.
User credential should be checked regularly. All passwords should be complex, secure and should be updated regularly after three months. This will help company’s protection by making the credentials very difficult to crack.
Educating company employees to prepare them for advanced attacks, this can be achieved by educating them on patterns, dynamics, frequency and samples of methods of attack attempted on other companies.
Encryption; there should be a strong encryption between the server and the client. The server authenticates the request by the client by presenting a digital certificate, then the connection is established, this will help in preventing sniffing.
2.1 Acceptable use policy
You must only use computers, computer files, and computer accounts which you have authorization
You may not use other person’s accounts
You should make an effort to protect and secure your passwords
For network maintenance and security purposes, authorized persons may monitor the systems
2.2 Disaster Recovery Plan
Build up a possibility arranging approach proclamation
Conduct business sway examination
Distinguish preventive controls
Create recuperation techniques
2.3 Incident Handling Procedures
Isolate the system
Identify the problem
Contain the problem
Inoculate the systems
Return to normal operating mode
2.4 Password Policy
Minimum length; passwords should have a minimum of 8 characters with a combination of special and alphanumeric characters
Password composition; it should not be composed of ordinary words
Password storage; it should be memorized and never recorded or written down along with the corresponding usernames or account information
Password aging; should be changed at least once in a year
Password transfer and sharing; passwords should not be shared or transferred unless users get appropriate authorization
2.5 Remote Access Policy
This specifies how company remote users can connect to company’s network and requirements for each system before connection is allowed (Linden, 2013). This specifies: types of personal firewalls they can run; antivirus programs that can be used by remote users and how often to update; and other protection against malware or spyware.
2.6 Authentication and Authorization
This will be achieved by unique and individual login and will need authentication which is a password and a username combination. The following methods can be used to provide access: User-based access, role-based access, and context-based access.
2.7 Network Access Policy
You may not switch your IP address or change you IP address with anyone
You should understand how an equipment will operate on the network before you connect
You may not connect to World Wide Trading Company network without an IP address
2.8 Backup policy
Full backups should be retained for a minimum of 2 months
Incremental backups should be retained for 1 week or until next full backup
Monthly full backups should be retained for 1 year
2.9 Workstation and Server Security
All servers should be registered within corporate enterprise management system
Applications and services that are not used must be disabled
Enable password protected screen savers to make sure that workstations are protected
Ensure that workstations are used only for the authorized business purposes
2.10 Security Awareness Training Policy
Educate users on how to create good passwords
User responsibility for computer security
2.11 Data Classification and Security Policy
Data should be classified according to risks associated with the data being processed and stored. The data with highest risk level requires greatest level of protection so as to prevent any compromise. The data with low risks needs less protection
2.12 Network Security Controls
The company should ensure that it implements the following strategies in order to address security concerns; reference monitors for access control, encryption for integrity and confidentiality, and overlapping controls to get defense in depth. This will provide protection for network infrastructure and communication, network boundary, and access to computing environment.
Linden, A. (2013, July). The importance of technology management in the ICT requirements definition process. In Technology Management in the IT-Driven Services (PICMET), 2013 Proceedings of PICMET'13: (pp. 2283-2295). IEEE.