1. From the list below, pick the four most significant attacks you would consider when protecting a
network infrastructure. For each of the four attacks you select, create High Level Security Policies
(e.g. Encryption Policy, Network Security Policy, etc.) and describe the mitigation technologies you
would use to defend against that attack:
-Identity spoofing
-Virus/worm/Trojan horse
-Rogue devices
-Sniffer
-Man-in-the-middle (MITM)
-War dialing/driving
-Direct access
-ARP redirection/spoofing
-Remote control software
-Buffer overflow
See Question1.xlsx for examples of mitigation technologies.
2. Research a case that has been in the news in the last few years where a major security breach
occurred on a wireless network. Find a case where attackers got in via the wireless network, but
then penetrated farther into the network, resulting in severe damage. Write two or three
paragraphs describing what you found.
Below are some components of a security policy and examples of security policies.
According to RFC 2196, “Site Security Handbook”:
A security policy is a formal statement of the rules by which people who are given access to an
organization’s technology and information assets must abide.
A security policy informs users, managers, and technical staff of their obligations for protecting
technology and information assets.
In general, a security policy should include at least the following items:
• An access policy
• An accountability policy
• An authentication policy
• A privacy policy
• Computer-technology usage, configuring, and auditing policies.
Below are key components of creating security policies:
• Acceptable Use Policy
• Password Policy
• Backup Policy
• Network Access Policy
• Incident Response Policy
• Remote Access Policy
• Virtual Private Network (VPN) Policy
• Guest Access Policy
• Wireless Policy
• Third Party Connection Policy
• Network Security Policy
• Encryption Policy
• Confidential Data Policy
• Data Classification Policy
• Mobile Device Policy
• Retention Policy
• Outsourcing Policy
• Physical Security Policy
• Email Policy
Example: creating a Network Access Policy
The following sections describe the process for creating a Network Access Policy, one of the
components of a security policy.
1.0 Network Access Policy
First define the purpose of this policy.
Purpose
The purpose of this policy is to describe what steps must be taken to ensure that users connecting
to the corporate network are authenticated in an appropriate manner, in compliance with
company standards, and are given the least amount of access required to perform their job
function. This policy specifies what constitutes appropriate use of network accounts and
authentication standards.
Next you need to define the scope of policy.
Scope
The scope of this policy includes all users who have access to company-owned or company-provided
computers or who require access to the corporate network and/or systems. This policy
applies not only to employees, but also to guests, contractors, and anyone requiring access to the
corporate network. Public access to the company’s externally reachable systems, such as its
corporate website or public web applications, is specifically excluded from this policy.
1.1 Account Setup
During initial account setup, certain checks must be performed in order to ensure the integrity of
the process. The following policies apply to account setup:
• Positive identification of the user and coordination with Human Resources are required.
• Users will be granted the least amount of network access required to perform their job function.
• Users will be granted access only if they accept the Acceptable Use Policy.
• Access to the network will be granted in accordance with the Acceptable Use Policy.
1.2 Account Use
• Accounts must be created using a standard format (e.g., firstname-lastname or
firstinitial-lastname).
• Accounts must be password protected (refer to the Password Policy for more detailed
information).
• Accounts must be for individuals only. Account sharing and group accounts are not
permitted.
• User accounts must not be given administrator or 'root' access unless this is necessary to
perform the user's job function.
• Occasionally guests will have a legitimate business need for access to the corporate
network. When a reasonable need is demonstrated, temporary guest access is allowed.
This access, however, must be severely restricted to only those resources that the guest
needs at that time, and disabled when the guest's work is completed.
• Individuals requiring access to confidential data must have an individual, distinct
account. This account may be subject to additional monitoring or auditing at the
discretion of the IT Manager or executive team, or as required by applicable regulations
or third-party agreements.
1.3 Account Termination
When managing network and user accounts, it is important to stay in communication with the
Human Resources department so that when an employee no longer works at the company, that
employee's account can be disabled promptly. Human Resources must create a process to notify the IT
Manager in the event of a staffing change, which includes employment termination, employment
suspension, or a change of job function (promotion, demotion, etc.), so that access can be removed or
adjusted to match the new role.
1.4 Authentication
User machines must be configured to authenticate against the domain at startup. If the
domain is not available, or authentication cannot occur for any reason, the machine must
not be permitted to access the network.
1.5 Use of Passwords
When accessing the network locally, two-factor authentication (a password combined with a second
factor such as a smart card, token, or biometric) is required.
1.6 Remote Network Access
Remote access to the network can be provided for the convenience of users, but it comes at some
risk to security. For that reason, the company requires additional scrutiny of users remotely
accessing the network. Due to the elevated risk, company policy dictates that when accessing
the network remotely, two-factor authentication (such as a smart card, token, or biometric in addition
to a password) must be used. Remote access must adhere to the Remote Access Policy.
1.7 Non-Business Hours
Since the company's business does not require overnight network access, the company must
restrict account logon during off hours. To allow for reasonable non-business-hours work, for
these purposes 'off hours' is defined as the hours between 10:00 PM and 5:00 AM local time on
weekdays. On weekends, account access should be disabled 24 hours per day. However, this
will be implemented at the discretion of the IT Manager depending on the business need for
weekend or off-hours access.
Exceptions to this policy will be granted on a case-by-case basis.
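The off-hours rule above is the kind of policy statement that is easy to write and easy to get wrong when it is turned into a control, because the weekday window crosses midnight and weekends are handled differently from weekdays. The following is an added audit script, not part of the original policy text: it encodes the rule as written (22:00 to 05:00 local time on weekdays, all day Saturday and Sunday) and runs it over a constructed, simplified logon log (ISO-8601 local timestamp, user, host, result) to find successful logons that the restriction should have blocked. The log format, the user and host names, and the exception list are assumptions for illustration.

```python
"""Audit logon events against the Network Access Policy's off-hours rule.

Added example, not part of the original policy. The log format below is a
constructed simplification (ISO-8601 local timestamp, user, host, result);
a real deployment would parse the directory or SIEM's own event format.
"""
from datetime import datetime, time

# Policy text: off hours are 10:00 PM to 5:00 AM local time on weekdays.
OFF_HOURS_START = time(22, 0)
OFF_HOURS_END = time(5, 0)

# Constructed sample log (not real data). 2024-03-11 is a Monday,
# 2024-03-13 a Wednesday, 2024-03-15 a Friday, 2024-03-16 a Saturday.
SAMPLE_LOG = """\
2024-03-11T09:15:02 alice ws-0142 success
2024-03-11T23:40:19 bob ws-0207 success
2024-03-13T04:59:59 carol ws-0311 success
2024-03-13T05:00:00 carol ws-0311 success
2024-03-16T14:02:45 dave ws-0098 success
2024-03-15T23:59:59 erin ws-0050 success
2024-03-15T23:30:00 frank ws-0051 failure
"""

# Hypothetical IT-Manager-approved exceptions (policy 1.7 allows them case by case).
APPROVED_EXCEPTIONS = frozenset({"erin"})


def is_off_hours(ts: datetime) -> bool:
    """True if ts falls inside the policy's off-hours window.

    Weekends (Saturday=5, Sunday=6) are off hours all day. On weekdays the
    window crosses midnight, so a single start <= t < end comparison would
    never match; the two halves (after 22:00, before 05:00) are tested
    separately. 05:00:00 exactly is treated as the start of business hours.
    """
    if ts.weekday() >= 5:
        return True
    t = ts.time()
    return t >= OFF_HOURS_START or t < OFF_HOURS_END


def parse_logon_line(line: str):
    """Split one constructed log line into (timestamp, user, host, result)."""
    ts_s, user, host, result = line.split()
    return datetime.fromisoformat(ts_s), user, host, result


def find_violations(log_text: str, exceptions=frozenset()):
    """Return (user, host, timestamp, reason) for each successful off-hours logon
    by a user without an approved exception. Failed logons are skipped: a denied
    attempt during off hours is the restriction working, not a violation."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = parse_logon_line(line)
        if result != "success" or not is_off_hours(ts) or user in exceptions:
            continue
        reason = "weekend" if ts.weekday() >= 5 else "weekday off-hours"
        violations.append((user, host, ts.isoformat(), reason))
    return violations


if __name__ == "__main__":
    for user, host, when, reason in find_violations(SAMPLE_LOG, APPROVED_EXCEPTIONS):
        print(f"{when} {user}@{host}: logon permitted during {reason}")
```

Running the script reports bob (Monday 23:40), carol (Wednesday 04:59:59) and dave (Saturday afternoon); carol's 05:00:00 logon is business hours, erin is on the exception list, and frank's off-hours attempt was denied, which is the expected outcome. A finding here means the logon-hours restriction is not actually applied to that account, which is the gap an auditor of this policy would want to surface.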
2.0 Enforcement
This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in
disciplinary action, which may include suspension, restriction of access, or more severe penalties
up to and including termination of employment. Where illegal activities or theft of company
property (physical or intellectual) are suspected, the company may report such activities to the
applicable authorities.
1. As a common point for all four security threats, it must be mentioned that in general the mitigation strategies and countermeasures are also included in the security procedures (which in practice extend the security policies, where the level of technical detail is lower). At the same time, the security policies must state WHAT needs to be implemented and not HOW to implement the security measures (the procedures are responsible for this aspect)...