Richman Investments

In: Computers and Technology

Submitted By Icey
Words 427
Pages 2
For Richman Investments, the users are the biggest threat, so I would issue access keys at various levels and to various departments. I would also set password renewal anywhere from 28 days to 6 months apart, depending on the department and the job within the company. The basics should be in place as well: a firewall, full antivirus software, and restricted upload and download abilities.

Administrators could have the option of layering security by enforcing the use of PINs, hardware tokens, client certificates and other forms of secure authentication on top of AD or LDAP (Lightweight Directory Access Protocol). After implementing several security policies, I would create an SSL (Secure Sockets Layer) VPN (Virtual Private Network), a form of VPN that can be used with a standard Web browser. Unlike the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It is used to give remote users access to Web applications, client/server applications and internal network connections.

For site-to-site connections we would use a VPN to secure the network data and encrypt it. An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs. An SSL portal VPN allows for a single SSL connection to a Web site so the end user can securely access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser and identifies himself or herself to the gateway by using an authentication method supported by the…...

Similar Documents

Premium Essay

Richman Investments

...Acceptable Use Policy (AUP) Greetings RI Security Officer, Richman Investments expresses the acceptable and unacceptable use of the Internet and e-mail access. The following report will address the “Acceptable Use Policy” (AUP) standard at Richman Investments. All users of Richman Investments agree to and must comply with this Acceptable Use Policy (AUP). Richman Investments does not control or review the content of any Web site. However, Richman Investments may block or remove any materials that, in Richman Investments’ sole discretion, may be illegal, or which may violate this AUP. Richman Investments may cooperate with legal authorities and/or third parties in the investigation of any suspected or alleged crime or civil wrong. Violation of this AUP may result in the suspension or termination of either access to the Services and/or Richman Investments account or other actions as deemed appropriate.

User Responsibilities: These guidelines are intended to help you make the best use of the Internet resources at your disposal. You should understand the following.

1. Richman Investments provides Internet access to staff to assist them in carrying out their duties for the Company. It is envisaged that it will be used to look up details about suppliers, products, to access client information and other statutory information. It should not be used for personal reasons.

2. You may only access the Internet by using the Richman Investments content scanning software, firewall and......

Words: 621 - Pages: 3

Premium Essay

Security Plan Outline for Richman Investments

...Security Plan Outline for Richman Investments

User Domain
• Restrict access to data and applications that are not required for employees to do their job.
• Review and revise user conduct and security policies every six months.
• Conduct annual security training seminars with system users and staff.

Conducting annual security training for the user in the User Domain will cover the Acceptable Use Policy (AUP), through which users will be informed of what is and what is not acceptable use of the system.

Workstation Domain
• In-house testing of operating system updates prior to user workstation deployment.
• Strict access control policies and procedures for user access to system and data.
• 72-day password renewal for workstation and 180-day user password renewal.
• Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types.

Securing a user workstation with approved updates will help prevent potential system corruption and in-house data from being exposed.

LAN Domain
• Proper identification and two key turners to be granted access to data centers and wiring closets with 24/7 CCTV monitoring.
• Periodic LAN vulnerability assessments.

Keeping our LAN under lock and key prevents tampering with the network’s hardware. Access to the LAN devices is the easiest way to compromise a network.

LAN to WAN Domain
• Disable ping, probing, and port scanning of exterior devices.
• Strict monitoring for intrusion detection on inbound......

Words: 501 - Pages: 3

Premium Essay

Richman Investment Sscp

...SSCP for Richman Investments

Security Plan Outline for Richman Investments

User Domain
• Restrict access to data and applications that are not required for employees to do their job.
• Review and revise user conduct and security policies every six months.
• Conduct annual security training seminars with system users and staff.

Conducting annual security training for the user in the User Domain will cover the Acceptable Use Policy (AUP), through which users will be informed of what is and what is not acceptable use of the system.

Workstation Domain
• In-house testing of operating system updates prior to user workstation deployment.
• Strict access control policies and procedures for user access to system and data.
• 72-day password renewal for workstation and 180-day user password renewal.
• Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types.

Securing a user workstation with approved updates will help prevent potential system corruption and in-house data from being exposed.

LAN Domain
• Proper identification and two key turners to be granted access to data centers and wiring closets with 24/7 CCTV monitoring.
• Periodic LAN vulnerability assessments.

Keeping our LAN under lock and key prevents tampering with the network’s hardware. Access to the LAN devices is the easiest way to compromise a network.

LAN to WAN Domain
• Disable ping, probing, and port scanning of exterior devices.
• Strict monitoring for......

Words: 308 - Pages: 2

Free Essay

Richman Investments Security Outline

...Richman Investments Security Outline

Welcome to Richman Investments (RI) where we strive to bring you the most secure, reliable, and available resources that we can offer. We know that work needs to be done and that most of you aren’t aware of the security procedures taking place behind the scenes. We have devised a summary of the seven domains of the company and its security model. Please take the time to read this over and understand the implications of not following company guidelines, procedures, and policies.

The user domain contains the users and/or employees that will be accessing resources within the organization’s information system. A user can access systems, applications and data within the rights and privileges defined by the AUP (acceptable use policy). The AUP must be followed or the user may be dismissed or have their contracts terminated. With the user domain being one of the most vulnerable aspects of any organization, there are a wide variety of user-related threats ranging from lack of awareness to blackmail and extortion. Employees are responsible for their own actions when using company assets and the HR department will be doing background checks on all employees within the company to ensure integrity within the workforce. Enforcement of the user level domain will include the use of RFID badges and PINs for all areas of the facility and rooms that require special access.

The workstation domain is where most users connect to the organizations......

Words: 1016 - Pages: 5

Premium Essay

Richman Investments

...Richman Investments Internal Use Only

The Internal Use Only data classification standard at Richman Investments is in place to protect the personal and account information of our clients and our work force. Our data classification standard will include the User Domain, Workstation Domain, and the LAN Domain. This will cover all personnel and their workstations, all the physical components, as well as access to the internet and company databases and any information in between.

The User Domain defines what information an employee can access. The User Domain will enforce an acceptable use policy (AUP). Our AUP will define how the internal use data is used by each employee. All personnel gaining access to the company database must read and sign the AUP policy and strictly adhere to Richman Investments’ acceptable use policy. This includes any contractor or third-party representatives. All users must sign this AUP prior to gaining any access to the company network. Any unauthorized use or breach of this policy in any manner can be cause for punitive action or dismissal.

The Workstation Domain includes all workstations and media devices approved for use on the company network. No personal devices or removable media may be used on Richman Investments’ network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to have an account created to access the company network. All users will then be able to......

Words: 461 - Pages: 2

Premium Essay

Richman Investment Remote Access Control Policy

...Richman Investment

Remote Access Control Policy Document

01/14/14

Contents
1 Policy Statement
2 Purpose
3 Scope
4 Definition
5 Risks
6 Applying the Policy - Passwords
6.1 Choosing Passwords
6.1.1 Weak and strong passwords
6.2 Protecting Passwords
6.3 Changing Passwords
6.4 System Administration Standards
7 Applying the Policy – Employee Access
7.1 User Access Management
7.2 User Registration
7.3 User Responsibilities
7.4 Network Access Control
7.5 User Authentication for External Connections
7.6 Supplier’s Remote Access to the Council Network
7.7 Operating System Access Control
7.8 Application and Information Access
8 Policy Compliance
9 Policy Governance
10 Review and Revision
11 References
12 Key Messages
13 Appendix 1

Policy Statement

Richman Investments will establish specific requirements for protecting information and information systems against unauthorised access. Richman Investments will effectively communicate the need for information and information system access control.

Purpose

Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of Richman Investments which must be managed with care. All information has a value to the Council. However, not all of this information has an......

Words: 2211 - Pages: 9

Premium Essay

Multi-Layered Security Plan for Richman Investments

... David Girten Jr 05 Aug 2013

Multi-Layered Security Plan for Richman Investments

User Domain: Main concern at this domain is lack of user knowledge on what different attacks look like and proper response protocols. Here are a few solutions:
A) Training: send emails on security best practices; alerts on common and new attack vectors; hold company-wide training segmented throughout the day; place Infosec, Opsec posters and incident response procedures in every space
B) Auditing of user activity: Set up a script to run on the proxy server utilizing a dirty word list to search user internet usage

Workstation Domain: Main concern here is unauthorized access and out-of-date anti-virus software. Here are some solutions:
A) Anti-virus/Anti-malware: Keep up-to-date with latest patches from vendor websites
B) Passwords; Technical Controls: Enable password policies through GPOs and screen-saver passwords for extra access protection

LAN Domain: Main concern here is physical access to network assets. Here are some solutions:
A) Securing high-priority systems: Establish access lists; combo/cipher locks for server and switch rooms; also have a sign-in sheet for contractors and tech-reps working on-site
B) Implement Kerberos as another secure means of identifying users over a non-secure network

LAN to WAN Domain: Main concern here is attempts by attackers to scan the network. Here are some solutions:
A) Install IDS/IPS on the network to monitor and combat network anomalies;......

Words: 390 - Pages: 2

Premium Essay

Richman Investments

...Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic through an AUP. The acceptable use policy (AUP) would start with the User Domain. The user domain is the employee within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain, access to the LAN to WAN, web surfing, and internet could be used to help gather information between customers and employees. LAN to WAN covers the activities between the LAN and the WAN and firewalls, routers, intrusion detection, and workstations. Web surfing determines what a user can obtain on company time with company resources. Internet is when the user has access to the internet with the types of controls the organization has on the certain internet sites being accessed. Although LAN to WAN, web surfing, and internet have some of the same characteristics, they also affect different specific IT infrastructures. The LAN to WAN AUP goes with the roles and tasks parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is more of a rulebook for employees to follow when using the organization’s IT assets. If the AUP is violated, it could be grounds for termination from the company. The AUP will set rules for......

Words: 1029 - Pages: 5

Premium Essay

Richman Investments “Internal Use Only” Data Classification Standard Brief Report

...RICHMAN INVESTMENTS “INTERNAL USE ONLY” DATA CLASSIFICATION STANDARD

Brief Report

This Brief Report is to describe Richman Investments’ policy of “Internal Use Only” data classification standard. This document is to be used as an informational guide for any employee or third-party representative who is to access any or all of Richman Investments’ internal database information system. To access Richman Investments’ internal database any user, employee or third-party representative must agree to the acceptable use policy (AUP). “While confidential information or data may not be included, communications, documents or any data are not intended to leave the organization.” (Beecher, 2013) There are 3 types of IT infrastructure domains that are affected by the “Internal Use Only” data classification standard of Richman Investments listed as follows:

User Domain is the first layer of the infrastructure and is defined as any person (single user) accessing Richman Investments’ internal database information system who has agreed to the AUP. This Domain defines the user permissions. This is where the IT department defines what access each individual user will have on the network. This is considered to be the weakest link in the company’s infrastructure.

Workstation Domain is the second layer of the infrastructure and is defined as the first access point to the Richman Investments internal database information system, applications and data. This layer requires a login and password......

Words: 440 - Pages: 2

Premium Essay

Richman Investments

...Richman Investments Introduction to Computer Security Richman Investments

Hello, my name is Max and I’m here today to give you a brief on Richman Investments’ “Internal Use Only” data clarification standards. I will cover what this means to the company and to you. I will also cover three different information technology infrastructure domains that we use and how these are affected by the “Internal Use Only” standard. This also applies to you the end user working here at Richman Investments. This is a vital brief to safeguard and keep all of our clients’ information safeguarded from all outside sources. So, let’s begin.

First, let me explain to you what “Internal Use Only” data clarification standard means. A standard is a detailed written definition we here at Richman Investments have come up with. It is to help put in place certain security controls that are used throughout our information technology infrastructure and how you need to abide by this. The second part of this is the “Internal Use Only”. This is information we have here that is only to be shared internally between this organization and it is intended to never go outside of this organization. If it does, it could cause many clients’ personal information to be used by other people. The bottom line is that you are responsible to safeguard all “Internal Use Only” information by following some simple security controls that I will now go over with you (Kim & Solomon, 2012). The weakest link in......

Words: 940 - Pages: 4

Premium Essay

Richman Investments Part 1

...Richman Investments Multi-Layered Security Plan

By Elssie Farnes

Objective

To outline an implementation plan for security strategies over all levels of the IT Infrastructure

1) User Domain
a) Personal user log in procedures will be enforced, e.g. password log in
b) User activities will be monitored
c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies

2) Workstation Domain
d) Media Ports will be disabled unless explicitly authorized.
e) Access to corporate data will be managed with strict permissions
f) All workstations will have Antivirus and Antimalware programs installed and kept updated

3) LAN Domain
g) Network switches will be used
h) Access to server rooms will be secured to authorized personnel only
i) Wireless Access Points will be secured with WPA2 encryption

4) LAN to WAN Domain
j) All networking equipment will be up to date, as will all operating systems
k) Monitor all inbound traffic for possible malicious intent
l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access

5) WAN Domain
m) Remote connections will have encryption and VPN tunneling enforced
n) Routers and firewalls will be configured to block ping requests to reduce the risk of DoS attacks
o) Scanning of email attachments for viruses will be enforced ...

Words: 340 - Pages: 2

Premium Essay

Richman Investments “Internal Use Only” Data Classification Standard

...RICHMAN INVESTMENTS “INTERNAL USE ONLY” DATA CLASSIFICATION STANDARD

Brief Report

This Brief Report is to describe Richman Investments’ policy of “Internal Use Only” data classification standard. This document is to be used as an informational guide for any employee or third-party representative who is to access any or all of Richman Investments’ internal database information system. To access Richman Investments’ internal database any user, employee or third-party representative must agree to the acceptable use policy (AUP). “While confidential information or data may not be included, communications, documents or any data are not intended to leave the organization.” (Beecher, 2013) There are 3 types of IT infrastructure domains that are affected by the “Internal Use Only” data classification standard of Richman Investments listed as follows:

User Domain is the first layer of the infrastructure and is defined as any person (single user) accessing Richman Investments’ internal database information system who has agreed to the AUP. This Domain defines the user permissions. This is where the IT department defines what access each individual user will have on the network. This is considered to be the weakest link in the company’s infrastructure.

Workstation Domain is the second layer of the infrastructure and is defined as the first access point to the Richman Investments internal database information system, applications and data. This layer requires a login and password......

Words: 306 - Pages: 2

Free Essay

Richman Investments

...Here is an outline of the general security solutions plan for the data and safety information for Richman Investments. This plan can be presented to senior management who needs this report for the month. This is a multi-layered security system that consists of the user’s domain. The user is the first and the weakest link in any system. The security is only as strong as the user’s ability to understand what can go wrong. We can implement a training program session for security awareness. Another security measure is to implement a policy to stop employees from bringing CDs, DVDs, USBs or other personal devices into the workplace that can connect to the network and possibly harm the system.

The workstation domain is where users first access the system, applications, and the data. The system should be password coded for authentication purposes. Applications and data ought to be monitored and permissions set accordingly. Downloading should also be limited to only those people with the proper permissions.

The LAN domain is a collection of computers all connected to a central switch configured to run all of the company’s data. The LAN would have all the standards, procedures, and guidelines of all the users. I would ensure all information closets, demark locations and server rooms are locked and secured at all times. Only those with proper ID or authorization would be allowed to access these locations.

The LAN to WAN domain contains both physical and......

Words: 479 - Pages: 2

Premium Essay

Richman Investment Remote Access Security Policy

...Richman Investment’s Remote Access Security Policy

1) Wireless Access

At Richman Investments, when the network is accessed remotely via wireless, appropriate wireless security standards will be used.
• Wired Equivalency Protocol (WEP) will be used as standard on Wi-Fi connections.
• A WEP encryption key will be used.
• The network will be configured not to advertise its presence.
• The power of access points will be turned down to a minimum that still allows the access point to function.
• Due to the possibility of cracking Wireless Encryption Protocol using sniffing software such as AirSnort, all wireless access points will be outside the firewall.
• Wi-Fi Protected Access (WPA) will be used where it is available.

2) Secure Access via VPN

Access from remote users to the corporate network will be via secure IPSEC VPN or SSL VPN connections only. This is necessary to secure the connection from the remote device to the corporate network.

3) Prevention of Data Loss

All laptops and PDAs that are taken off site will have the following security configured, to prevent data loss in the event of theft.
• The hardware password will be enabled if available.
• All corporate data on the laptop or PDA will be encrypted using appropriate encryption software.
• Sensitive documents will be accessed remotely and not downloaded to the laptop or PDA.

4) Remote Device Protection

To prevent remote PCs, laptops, PDAs etc. from compromising...

Words: 349 - Pages: 2

Premium Essay

Remote Access Control Policy for Richman Investments

...Authorization- Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implements either a group membership policy or an authority-level policy to achieve this. Group policy would allow the administrator to assign different privileges to different groups. The admin would then assign different individual users to those different groups. So the user’s permissions would depend on the permissions of the group they were a member of. With authority-level policy the admin would assign different permissions to individual users based on their position and authority level within the company and what access that position requires.

Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, what applications, which network resource, and what data. The most common ID is the username, account number, or PIN.

Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this RI can choose one of the following knowledge type authentications: PIN, password, or passphrase along with one of the following ownership type of authentication: smart card, key, badge, or token. Using a combination of ownership authentication and knowledge authentication...

Words: 298 - Pages: 2