1. From the list below, pick the four most significant attacks you would consider in protecting a network infrastructure from. For all four attacks you select, create High Level Security Policies (e.g. Encryption Policy, Network Security Policy, etc.) and describe mitigation technologies you would use to defend against each attack you selected: -Identity spoofing -Virus/worm/Trojan horse -Rogue devices -Sniffer -Man-in-the-middle (MITM) -War dialing/driving -Direct access -ARP redirection/spoofing -Remote control software -Buffer overflow See Question1.xlsx for examples of mitigation technologies. 2. Research a case that has been in the news in the last few years where a major security breach occurred on a wireless network. Find a case where attackers got in via the wireless network, but then penetrated farther into the network, resulting in severe damage. Write two or three paragraphs describing you found. Below are some components of a security policy and examples of security policies According to RFC 2196, “Site Security Handbook” A security policy is a formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide. A security policy informs users, managers, and technical staff of their obligation for protecting technology and information assets. In general, a security policy should include at least the following items: • An access policy • An accountability policy • An authentication policy • A privacy policy • Computer-technology usage, configuring, and auditing policies. Below are key components of creating security policies Acceptable Use Policy Password Policy Backup Policy Network Access Policy Incident Response Policy Remote Access Policy Virtual Private Network (VPN) Policy Guest Access Policy Wireless Policy Third Party Connection Policy Network Security Policy Encryption Policy Confidential Data Policy Data Classification Policy Mobile Device Policy Retention Policy Outsourcing Policy Physical Security Policy Email Policy Example of creating of Network Access Policy The following sections describe process for creating Network Access Policy one of the components of security policies. 1.0 Network Access Policy First define the purpose of this policy. Purpose The purpose of this policy is to describe what steps must be taken to ensure that users connecting to the corporate network are authenticated in an appropriate manner, in compliance with company standards, and are given the least amount of access required to perform their job function. This policy specifies what constitutes appropriate use of network accounts and authentication standards. Next you need to define the scope of policy. Scope The scope of this policy includes all users who have access to company-owned or companyprovided computers or require access to the corporate network and/or systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public access to the company’s externally-reachable systems, such as its corporate website or public web applications, is specifically excluded from this policy. 1.1 Account Setup During initial account setup, certain checks must be performed in order to ensure the integrity of the process. The following policies apply to account setup: Positive ID and coordination with Human Resources is required. Users will be granted least amount of network access required to perform his or her job function. Users will be granted access only if he or she accepts the Acceptable Use Policy. Access to the network will be granted in accordance with the Acceptable Use Policy. 1.2 Account Use • Accounts must be created using a standard format (i.e., first name-last name, or firstinitial-lastname, etc.) • Accounts must be password protected (refer to the Password Policy for more detailed information). • Accounts must be for individuals only. Account sharing and group accounts are not permitted. • User accounts must not be given administrator or 'root' access unless this is necessary to perform his or her job function. • Occasionally guests will have a legitimate business need for access to the corporate network. When a reasonable need is demonstrated, temporary guest access is allowed. This access, however, must be severely restricted to only those resources that the guest needs at that time, and disabled when the guest's work is completed. • Individuals requiring access to confidential data must have an individual, distinct account. This account may be subject to additional monitoring or auditing at the discretion of the IT Manager or executive team, or as required by applicable regulations or third-party agreements. 1.3 Account Termination When managing network and user accounts, it is important to stay in communication with the Human Resources department so that when an employee no longer works at the company, that employee's account can be disabled. Human Resources must create a process to notify the IT Manager in the event of a staffing change, which includes employment termination, employment suspension, or a change of job function (promotion, demotion, suspension, etc.). 4.4 Authentication User machines must be configured to request authentication against the domain at startup. If the domain is not available or authentication for some reason cannot occur, then the machine should not be permitted to access the network. 4.5 Use of Passwords When accessing the network locally, two-factor authentication (such as smart cards, tokens, or biometrics) is required. 4.6 Remote Network Access Remote access to the network can be provided for convenience to users but this comes at some risk to security. For that reason, the company encourages additional scrutiny of users remotely accessing the network. Due to the elevated risk, company policy dictates that when accessing the network remotely two-factor authentication (such as smart cards, tokens, or biometrics) must be used. Remote access must adhere to the Remote Access Policy. 4.7 Non-Business Hours Since the company's business does not require overnight network access, the company must restrict account logon during off hours. To allow for reasonable non-business-hours work, for these purposes `off hours' is defined as the hours between 10:00PM and 5:00AM local time on weekdays. On weekends, account access should be disabled 24 hours per day. However, this will be implemented at the discretion of the IT Manager depending on the business need for weekend or off-hours access. Exception to this policy will be granted on a case-by-case basis 5.0 Enforcement This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.