Premium Essay

Fundameental of Security Project Part 1

In: Computers and Technology

Submitted By namelessxx
Words 257
Pages 2
Franklin Delarosa | Fundamentals of Information Systems Security | Project Part 1 | 4/3/2014 |

ISP - Internet service provider
Short for Internet Service Provider, it refers to a company that provides Internet services, including personal and business access to the Internet. For a monthly fee, the service provider usually provides a software package, username, password and access phone number. Equipped with a modem, you can then log on to the Internet and browse the World Wide Web and USENET, and send and receive e-mail. For broadband access you typically receive the broadband modem hardware or pay a monthly fee for this equipment that is added to your ISP account billing.
In addition to serving individuals, ISPs also serve large companies, providing a direct connection from the company's networks to the Internet. ISPs themselves are connected to one another through Network Access Points (NAPs). ISPs may also be called IAPs (Internet Access Providers).
WAN - wide area network
A computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).
Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.

Reference
Internet service provider. (2014, March 4). Wikipedia. Retrieved April 3, 2014, from http://en.wikipedia.org/wiki/Internet_service
WAN - wide area network. (n.d.). What is Wide-Area Network (WAN)? Webopedia. Retrieved April 3, 2014, from…...

Similar Documents

Premium Essay

Project: Part 1 Multi-Layered Security Plan

...Multi-Layered Security Outline To: Richman Investments Senior Management Outline includes: Security solutions for each of the seven domains. User Domain: This is where the first layer of defense starts for a layered security strategy. We will conduct security awareness training, restrict access for users to specific systems and programs, create an acceptable use policy, and track and monitor employee behaviors. Workstation Domain: Start by creating strong passwords to protect workstation access, then enable antivirus protections, and mandate security awareness training to all employees. This domain is almost as vulnerable as the user domain and also needs constant monitoring. LAN Domain: To prevent unauthorized access we can physically secure wiring closets and data centers, implement encryption protection, define strong access control policies and strong second-level authentications. LAN-to-WAN Domain: Disable ping, probing and port scanning, apply strict security monitoring controls, and update devices with security fixes and software patches right away are excellent measures to take. WAN Domain: Use encryption and VPN tunnels for end-to-end secure IP communications, and scan all e-mail attachments for type, antivirus, and malicious software. Back up and store data in off-site data vaults. Remote Access Domain: Establish user ID and password policies requiring periodic changes, set automatic blocking for attempted logon retries, and encrypt all data within......

Words: 257 - Pages: 2

Premium Essay

Information Security Project 1

...Project: Information Security Project 1 Name: Ashiqul Abir Class: NT2580 Date: 02/28/2013 Information security best practice project: The information security best project was housed within the Oxford University computer emergency response team. The project sought build on the knowledge, commentary and information gathered during the 2009 self-assessment exercise. One of the main objectives of the project was to develop an information security toolkit, which includes the policies, guidelines, documentation and education and awareness programmers. Information security: In a devolved environment, such as a collegiate university, it is imperative that policy should not go into retail about how those objectives should be met. It also defines the scope of the policy and identifies roles and responsibilities for security. Information security toolkit: The example polies can be tailored to suit the individual needs of your department, college or hall. The toolkit focuses on some areas like, IT management Operations Network Management Physical Security Building on the 2009 self-Assessment: The 2009 Self-Assessment exercise asked unit within the collegiate university to assess their current approach to IT operations, management and security against recommended best practice guidelines. The information gathered helped the advisory group to understand where further attention, resource, and best......

Words: 280 - Pages: 2

Free Essay

Project Part 1 Multi-Layered Security Plan

...1. Disruption prevention - This is an approach to protect the entire device. A majority of well-known Internet security software falls into this category. They are designed to prevent a broad array of malicious attacks. The goal of device disruption prevention is to identify and prevent viruses from reaching the device, protecting personal information from identity thieves, and eliminating the threat of malware. 2. Important File Protection - Along with this approach, it is also important to add protection for specific valuable files. The well-known Internet security software tends to focus on mission-critical files whereas this type of file protection focuses on data important to the user. This includes family photos, music, documents, and financial records. Once accessed by a malicious hacker, these files present a serious Internet privacy risk. They are not only used for identity theft, but also social engineering schemes such as targeted phishing. 3. Active Internet security - This type of protection is designed to be used anytime a device is connected to the Internet. This includes Wi-Fi hotspots, hotels, airports, and even at home. This layer of security is focused on protecting data as it is transferred to and from the user’s device. The most common way to achieve this is by encrypting data and using secure connections. 4. Active Online Interaction Protection - Online interaction protection is a critical layer of defense against identity theft......

Words: 389 - Pages: 2

Premium Essay

Project Part 1

... Project Part 1 Multi-Layered Security Plan User Domain: * Conduct security awareness training, display security awareness posters, insert reminders in banner greetings, and send email reminders to employees. * Restrict access for users to only those systems, applications, and data needed to perform their job. * Enable content filtering and antivirus scanning for email attachments. * Disable internal CD drives and USB ports. So that users cannot insert personal files such as photos, music and videos. Workstation Domain * Enable password protection on workstation for access. * Enable auto screen lockout for inactive times. * Define strict access control policies, standards, procedures, and guidelines. * Use content filtering and antivirus scanning at internet entry and exit. * Enable workstation auto-scans for all new files and automatic file quarantine for unknown file types. LAN Domain * Make sure wiring closets, data centers, and computers rooms are secure. * Do not allow anyone access without proper ID. * Define strict software vulnerability window policy requiring quick software patching. * Implement encryption between workstation and WAP to maintain confidentiality. * Implement LAN server configuration standards, procedures and guidelines. LAN-to-Wan Domain * Disable ping. Probing and port scanning on all exterior devices within the LAN-to-WAN Domain. * Apply strict security monitoring controls for intrusion detection and......

Words: 450 - Pages: 2

Free Essay

Project Part 1,

...Project Part 1 : Multilayered Security Plan The safety and security of information owned by Richman Investments is extremely important and needs to monitored constantly. Through the following outline I hope to enhance the companies security, update systems and applications and ensure the integrity of the information stored on the network. The outlined areas will be monitored and reported monthly to senior management and will be updated as needed. The following outline will touch on each domain and will include security measures needed for those domains. 1.0 User Domain 2.1 Mobile storage disabled 2.2 Admittance to work area and computer with badge only. No visitors permitted 2.3 Multi-layered authentication with username/password and either token or biometrics 2.4 Training of new hires or quarterly training of current employees on security awareness 2.5 Security software with scanning capabilities to ensure no malware or virus intrusion is allowed. 2.0 Workstation 3.6 Hardware inventory taken quarterly to asses needs for new equipment or updates. 3.7 Software database examined to asses need for updates or antivirus renewal. 3.8 Different departments will be assessed groups in active directory to prevent authorization conflicts or confusion 3.9 Admittance to workstations will only be permitted with proper credentials, badge or token. 3.0 Lan 4.10 All cabinets and server rooms will be......

Words: 656 - Pages: 3

Premium Essay

Project Part 1

...Security Threats Project Part 1: Current Security Threats The top three security threats that Aim Higher College faces are the following: * Mobile devices connecting to the network * Social Media * Compromised routers intercepting sensitive information These threats are the most common that any college faces. The threats have remained at the top of the list every year for a variety of reasons. This list of threats is also unique to college campuses. I will discuss each of the threats in this report. College students love new technology and each year smaller and more powerful devices are hitting the market. Students on the campus have a variety of devices ranging from cell phones, tablets, and laptops. These devices connect to the campus network and are used by students to check email, class schedules, get grades, and many other uses. The challenge is to allow these devices the necessary access and still have a secure network. Each device has to be checked for viruses, spyware, and other types of malware while still maintaining the C-I-A triad. A balance must be found between usability and security. Each time a remote device is connected to the network there is a possibility that the network can be compromised by one these devices. Every device should be authenticated, scanned, and identified. The use of social media has increased in recent years. Students and teachers both use things like Facebook, Myspace, and others. These applications have the......

Words: 326 - Pages: 2

Premium Essay

Project Part 2 It Security

...one of the three information security properties which are Confidentiality, Integrity, and Availability. Confidentiality is affected if the malicious software is successful at disclosing private information. Integrity is compromised if the malware can modify database records either immediately or over a period of time. Availability is affected if malware can erase or overwrite files or inflict considerable damage to storage media. SSCP® Domain Affected Malicious Code and Activity This domain examines the types of Malicious Code and Activities that can threaten the confidentiality, integrity, and availability of a system or information. The SSCP is expected to be familiar with the various types of Malicious Code and know how to implement effective countermeasures to prevent malicious code from operating. The SSCP should also know how to detect, respond and recover from malicious activity on a system whether perpetrated by an internal or external entity and take steps to mitigate the risk of malicious activity. Controls to Protect Against Malicious Code Typical controls to protect against malicious code use technology, policies and procedures, and training, all applied in a layered manner from perimeters inward to hosts and data. The controls are of the preventative and detective/corrective variety. Controls are applied at the host, network, and user levels: Host Level * Host hardening, including patch application and security-minded configurations of......

Words: 953 - Pages: 4

Premium Essay

Intro to Info Security Project Part 1

...User Domain Risk, Threat, or Vulnerability Lack of user awareness • Conduct security awareness training display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. User apathy toward policies • Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss dring performance reviews. Workstation Domain Risk, Threat, or Vulnerability Unauthorized access to workstation • Enable password protection on workstations for access. Enable auto screen lockout for inactive time. Unauthorized access to systems, applications, and data • Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access. Account Policies | Password, lockout, and Kerberos settings. | Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) | Event Log | Settings for system, application, security and directory service logs. | Restricted Groups | Policy regarding group membership. | System Services | Startup modes and access control for system services. | Registry | Access control for registry keys. | File System | Access control for folders and files. | LAN Multilayer Security * Coverage considerations for wireless LAN (WLAN) users in a branch office * Distance considerations from the closet to......

Words: 726 - Pages: 3

Premium Essay

Project Part 1 Task 1: Outline Security Policy Scenario

...Project Part 1 Task 1: Outline Security Policy Scenario To stay competitive in the financial institution market, the First World Bank Savings and Loan wishes to provide all banking services online to its customers. These services also include the online use of credit cards for loan applications. The organization estimates over $100,000,000 a year in online credit card transactions for loan applications and other banking services. A task team has been formed to study the cost, performance, and security of maintaining a Linux and open source infrastructure. According to rough estimates, annual cost savings in licensing fees alone can be up to $4,000,000. At the same time, the confidentiality, integrity, and availability (CIA) triad perspective needs to be taken into account for infrastructure maintenance. The task team has engaged a network engineer with the network and routing design. The team has determined the following server services that would be needed to support the online transaction infrastructure: * A database server * A Web server * A file server * A Simple Mail Transfer Protocol (SMTP) server * A Lightweight Directory Access Protocol (LDAP) server All servers would be physically located in a third-party data center. Tasks You need to: Understand the business need of First World Bank Savings and Loan. Point out specific legislation and regulations that meet the statutory compliance criteria. Assess the feasibility of Linux and......

Words: 780 - Pages: 4

Premium Essay

Project Part 1

...Project Part 1 The top three security threats that Aim Higher College faces are the following: Mobile devices connecting to the network, Social Media, and Compromised routers intercepting sensitive information. These threats are the most common that any college faces. The threats have remained at the top of the list every year for a variety of reasons. This list of threats is also unique to college campuses. I will discuss each of the threats in this report. College students love new technology and each year smaller and more powerful devices are hitting the market. Students on the campus have a variety of devices ranging from cell phones, tablets, and laptops. These devices connect to the campus network and are used by students to check email, class schedules, get grades, and many other uses. The challenge is to allow these devices the necessary access and still have a secure network. Each device has to be checked for viruses, spyware, and other types of malware while still maintaining the C-I-A triad. A balance must be found between usability and security. Each time a remote device is connected to the network there is a possibility that the network can be compromised by one these devices. Every device should be authenticated, scanned, and identified. The use of social media has increased in recent years. Students and teachers both use things like Facebook, Myspace, and others. These applications have the potential to transmit malware every time they are used on the......

Words: 543 - Pages: 3

Premium Essay

Nt2580- Project Part 1

...Project Part 1 Multi-Layered Security Plan Outline The following outline is to document the general security solutions for Richman investments, for all locations including head-quarters, for the safety of data and information that belongs to Richman Investments. This plan will be updated and submitted, every month by the networking division, to senior management along with a security plan for the month. 1. User Domain a. This Domain includes Individuals within an organization who access its information. b. An acceptable use policy to define what users can and cannot do with company IT information will be created. c. Managers should review security awareness training and review acceptable use policies with employees periodically. d. Internal CD drives and USB ports will be disabled. e. Content filtering and antivirus scanning on any downloaded media, and emails will be setup. f. Restrict access for users to only applications, data and systems needed to perform their job. g. Monitor and track employee behavior and their use of IT infrastructure during off hours. 2. Workstation Domain a. Systems where most users connect to the IT infrastructure. i. Workstations can be any desktop, laptop, or other device that connects to an organizations network. b. Password protection on all workstations. c. Auto screen lockout for inactive times. d. Strict access control procedures, standards, policies, and guidelines. e. All CD, DVD, and USB ports will be disabled. ...

Words: 779 - Pages: 4

Premium Essay

Project Part 1: Current Security Threats

...IS4560 Week 4 Project Part 1: Current Security Threats The three top security threats I have chosen for Aim Higher College are malware, exploit vulnerabilities, and social networking. Malware in another term that means malicious software. It is used to infiltrate and damage computers without the user’s permission. Some examples of malware are viruses, spyware, worms, Trojans, and rootkits. This is a top security threat because a computer can easily get infected. While students or staff members use the schools computers, they can download music or pictures, and a virus can be attached to those and the computer will get infected right away. Another security threat is exploit vulnerabilities. An exploit is an attack on a computer system, and this exploit will take advantage of vulnerabilities that exist on a system. This is why vulnerabilities need to be mitigated and taken care of right away. If not, attackers will always find a way to get on a system and steal data and personal information. This will affect students because there personal information but be out there to the public without their knowledge. The third threat that I believe is a main concern for this college is social networking. Nowadays everyone uses social networking such as Facebook, Twitter, and etc. The scams on Facebook include cross-site scripting, clickjacking, survey scams, and identity theft. Cross-site scripting is when the site tricks you to go to another webpage and this has hidden malware......

Words: 326 - Pages: 2

Premium Essay

Is3220 Project Part 1

...IS 3220 IT Infrastructure Security Project Part 1: Network Survey Project Part 2: Network Design Project Part 3: Network Security Plan ITT Technical Institute 8/4/15 Project Part 1: Network Survey Network Design and Plan Executive Summary: We have been engaged in business for some time, and have been very successful, however we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of host, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these problems could be mitigated by appropriate education in “hacker thinking” for technical staff. We will take a look at our security on routers and switches to make sure there are no leakages of data traffic. OBJECTIVE We have identified that we have loss some major accounts to competitors whose bids have been accurately just under our bid offers by exact amounts. We also believe due to shared reporting and public Web site functions that our Web servers have been compromised and our RFP documents have been leaked to competitors which enabled them to under bid us. We want to mitigate Web threats in the future; we realize the web is a mission critical business tool. We want to purchase new products and services, that will give us an edge and......

Words: 3355 - Pages: 14

Free Essay

Is 3440 Project Part 1

...INTRODUCTION (Task 1) First World Bank Savings and Loan (also referred to as “us”, “we”, “the company”, etc) has been investigating the use of a Linux-based infrastructure architecture. The task team has already made recommendations to evaluate and prototype this kind of set up. Key factors are cost of ownership, scalability, and reliability. Other factors that remain are maintaining confidentiality, integrity, and availability (the CIA triad), and ensuring stable, secure support of the over $100,000,000 in transactions completed annually. As a financial institution, we must also bear in mind compliance with the Gramm-Leach-Bliley Act (GLBA), as well as the Payment Card Industry Data Security Standard (PCI-DSS) since we process credit card transactions, and the Sarbanes-Oxely Act (SOX) as we are publically traded. Regardless of all these factors, rough estimates indicate we can save close to $4,000,000 in licensing fees alone by moving to a Linux-based infrastructure. Despite the open source nature of Linux, we should be able to meet all of the technical, legal, and security needs for this transition. TECHNICAL INFRASTRUCTURE NEEDS (Task 2) Thanks to the task team assigned to this project, an outline of what the network and routing needs has already been completed. The following services will be required to support: • A database server o Recommended solution: DBMS MySQL • A Web server o Recommended solution: Apache • A file server o Recommended solution: Red...

Words: 1376 - Pages: 6

Premium Essay

Project Part 1 Multilayered Security Plan

...Project Part 1 As of today, millions of threats have become reality in today’s technological world. In order to prevent our network from become one of millions affected, steps to secure all seven domains have to be implemented. The OSI Model consists of these seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical layer. Most frequent attacks start of in the Application layer, and that’s only because it is the layer most of us are familiar with. This layer deals with the user. In order to prevent an attack on this layer security measures need to be set. For example, anti-viruses can scan systems for unwanted malicious programs from contaminating the system by scanning files and drives as well as program that could be potentially downloaded either by accident or on purpose. Policies can also be provided to employees stating that they are only allowed to do certain things on company systems. Once the employee has signed such policy, if they ever violate it, they can be reprimanded or terminated, depending on the severity of their actions. In the Presentation Layer, data is encrypted. In order to protect this layer, a complex for of encryption should take effect. Encryption such as AES could be implemented in order to avoid data from being decrypted easily. The Session Layer deals with communication between hosts. We can protect this layer by using encrypted VPN’s as well as secured connections. The Transport Layer and the......

Words: 472 - Pages: 2