Security strategies in an organization are based on establishing the best user authentication policies. Organizations choose what they deem to work best for them while also reducing the cost of managing authentication credentials. Three different strategies are normally used the world over to determine the authentication policies implemented in organizations. These include:
- The right tool for the job
- One for all strategy
- Common platform authentication methods
In order to protect the security of the organization, the following user authentication policies were deemed necessary:
- Network access
- Password management
An information security policy defines a set of instructions and guidelines governing the behavior of users when accessing the resources of the organization. The two user authentication policies implemented to safeguard the security of the firm are:
IT ACCESS CONTROL POLICY
Network access control
Network use policy
The firm will allow connection to its network only to genuine, authenticated users. The company's network shall be used for production purposes alone. Employees will be granted access to permitted networks, while other networks may only be accessed after specific authorization has been granted (Gildas Avoine, 2007).
Authentication for external connections
All remote users will be authenticated before they can access company information resources. The chief administrator is vested with the power to determine the authentication procedures and credentials required for each remote user.
Account and password management
User Responsibilities
The scope of this policy includes all users in the organization responsible for managing accounts for any project or system that requires a password.
User password rules
- All user passwords shall be kept confidential and stored securely. Users should use their passwords in a way that promotes good security practice.
- Passwords should not be written down on any material whatsoever.
- All passwords are considered the firm's confidential information. They should not be shared with any other person, including administrators.
- Any user who suspects that their account or password has been compromised should report to the security department immediately so that the necessary investigation can be conducted without delay.
- Shared passwords should be changed regularly and should not be used for more than 45 days. Temporary passwords must be changed as part of the first login procedure.
- Systems should be configured to lock an account after 3 unsuccessful logins. Resetting a locked account will be done by the administrator after a successful audit.
- Passwords should not be stored in any format on the company's computers or other media.
Password registration and deregistration
The registration and deregistration of accounts and passwords in the organization will be managed personally by the system administrator in liaison with the relevant human resource personnel. Registering and deregistering passwords will be done in an efficient and accountable manner, bearing in mind the consequences of issuing accounts and passwords to unauthorized persons.
Passwords will be constructed using the following rules and combinations:
- Lower case characters, a, b, c, d
- Upper case characters, A, B, C, D, E ...
- Punctuation marks, such as ? “ , : ;
- Numbers 1, 2, 3, 4, 5, 6
- Special characters such as $@&+=()%><:”;’
- Passphrases
Passphrases will be used to lengthen user access credentials for better security.
Passphrases created under this policy should be more than 30 characters long, form a series of characters that make up a phrase, and must not be built from common words or words found in a dictionary. In addition to passphrases, security risk will be reduced by using hierarchical or single-instance passwords for accounts with access to sensitive company information. Single-use, single-session passwords will be used for sensitive projects whose contents are top priority. This applies to persons with additional privileges; before such credentials are used, clearance will be sought from the system administrator.
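The rules above can be turned into an automated check. The following Python validator is an added example, not part of the original policy; its dictionary word list is a constructed stand-in, and the 30-character threshold for treating an input as a passphrase is taken from the policy text.

```python
import re
import string

# Constructed stand-in for the dictionary word list the policy refers to.
CONSTRUCTED_DICTIONARY = {"password", "welcome", "company", "summer", "admin", "london"}

# The four character classes the policy lists; string.punctuation covers both its
# "punctuation" and "special characters" items.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "number": set(string.digits),
    "special": set(string.punctuation),
}

def contains_dictionary_word(secret, dictionary, min_len=4):
    """True if any run of letters (at least min_len long) is a dictionary word."""
    return any(len(w) >= min_len and w.lower() in dictionary
               for w in re.findall(r"[A-Za-z]+", secret))

def check_credential(secret, dictionary=CONSTRUCTED_DICTIONARY):
    """Return the list of policy violations; an empty list means the credential complies.

    Anything longer than 30 characters is judged as a passphrase (must read as a phrase of
    several words, no dictionary words); anything shorter is a password (more than 10
    characters, all four character classes, no dictionary words)."""
    violations = []
    if contains_dictionary_word(secret, dictionary):
        violations.append("contains a dictionary word")
    if len(secret) > 30:
        if len(secret.split()) < 3:
            violations.append("passphrase must be a phrase of several words")
        return violations
    if len(secret) <= 10:
        violations.append("password must be longer than 10 characters")
    present = {name for name, chars in CLASSES.items() if any(c in chars for c in secret)}
    missing = sorted(set(CLASSES) - present)
    if missing:
        violations.append("missing character classes: " + ", ".join(missing))
    return violations
```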
MEMORANDUM TO ALL EMPLOYEES
It is common knowledge to each and every employee that the security of our assets, whether the company's or an individual's, holds great value for the continuation of operations. Compromise of information technology assets will impact negatively on the operation of the company as well as on employees. In my capacity as the company's Systems Administrator, I would like to raise concern about a number of areas that require immediate attention in terms of security. The concerns raised in this memo are in the best interest of each individual's safety as well as that of the company's resources. Thus, the issues raised in the memo, together with the recommendations, come into effect immediately.
Confidentiality, integrity and availability of information are the key determinants of the effectiveness of a company's security. While the company strives to provide the best security solutions to guard its employees and resources, it is paramount that employees are fully integrated into and committed to the process. Therefore, every employee of the company is expected to follow the security best practices stated below and, at the same time, exercise caution in handling security matters.
- Practice caution with email attachments and untrusted links: Every employee is expected to be cautious when dealing with email attachments and untrusted sites. Malware is commonly spread by people clicking on email attachments or links that launch it. While using company computers, do not open attachments or click links unless you are sure they are safe, even if they appear to come from people you know. Some malware spreads from an infected computer, so while the email appears to come from someone you know, it really originates from a compromised machine. All employees are advised to be wary of attachments with sensational names and of emails with misspellings or wording that entices you to click. Avoid emails with subject lines such as “Hey, you won’t imagine the picture of you I saw on the Internet” because they are mechanisms for launching attacks.
- Exercise caution when sharing sensitive information: Fictitious emails or web pages claiming to come from legitimate sources such as the system administrator, requesting your password or other sensitive information or directing you to websites that request it, should be reported. Persons claiming to work for the organization have also been asking individual employees to provide their passwords. Note that a password is personal information which should not be shared under any circumstances, even with the closest of friends or a spouse. Any incident of a person requesting your password should therefore be reported to the nearest security personnel for investigation and prosecution.
- Strong passwords and passphrases: Passwords should be created using the standard procedures and combinations outlined by the office of the Systems Administrator. Cases of social engineering have been reported in the past where unauthorized persons physically lifted passwords off a Post-It note under someone’s keyboard, or obtained them over the phone by impersonating an IT engineer. Such intruders also guess employees’ passwords after learning a small amount of information about them, and later use those passwords to harm the organization or its users. On a general note, all passwords should exhibit the following combinations:
- Lower case characters, a, b, c, d
- Upper case characters, A, B, C, D, E ...
- Punctuation marks, such as ? “ , : ;
- Numbers 1, 2, 3, 4, 5, 6
- Special characters such as $@&+=()%><:”;’
- Passphrases
Additionally, passwords should be long enough: more than 10 characters.
They should not contain dictionary words, or names of people, objects or common places that are easy to crack.
All passwords are confidential and should not be written down on paper or saved on computers.
All employee passwords should be changed on a regular basis, and no password should be used for more than six months.
Passwords, just like any other company asset, belong to the company and carry a measure of responsibility. Employees should note that any misuse, disclosure or inappropriate use will attract disciplinary action, prosecution and/or termination.
- Physical security is paramount. Each and every employee has been issued an electronic door-pass card, which must be used at all times when accessing the company premises. However, employees who leave their cards behind and rely on colleagues’ cards have made it easier for unauthorized persons to enter the premises, increasing the risk to company resources. Henceforth, action will be taken against any employee found without a badge and security pass.
- The Security Division believes that the implementation of the above measures is in the best interest of all and is in line with its mission of providing management with tools and advice on all aspects of security. The department welcomes all questions and communication through the contacts below.
Call 02978254892643
Thanks in advance
Regards
System administrator
MEMORANDUM TO IT TECHNICIANS
As the organization’s IT technicians, the responsibility for ensuring that the relevant technologies are implemented for the good of the organization’s security rests with you. As such, you are required to ensure that the following Windows 7 technologies are implemented fully:
- Group Policy Objects
Security is an essential component of any functional organization. This calls for documenting and tracking logins and access to particular files and folders, using the authentication protocols and authorization techniques available in Active Directory. Such auditing ensures that a level of responsibility is placed on each individual, so that when a compromise is reported the relevant personnel can be held accountable. This applies mostly to unauthorized user access, disk failure, administrative errors and data alteration.
Organization-wide use of policies is important in order to achieve a uniform standard and theme across all computing resources. When computers are configured to perform only their assigned activities, uniformity is achieved and wasted time is minimized. Attaining uniformity not only protects the resources from abuse but also maximizes employee productivity. It also reduces the interruptions and losses that come with the use of personal resources and utilities such as social networking.
- Anti-malware programs
Computers in an organization are protected from malware and viruses through the use of anti-malware and antivirus software. Anti-malware programs are designed to analyze files and programs for known patterns of data that constitute malicious code. They use signature scanning to match new threats against known patterns of malicious code. Signature scanning is performed in a multi-tiered manner in which the entire hard drive is scanned in sequence during idle periods. Any file introduced into the computer via an external device or transmitted via email is scanned immediately so that inactive malicious code is caught before it becomes active. If a file is found to contain malicious code, the anti-malware program decides whether to delete or quarantine the file according to the user’s settings.
The problem with anti-malware programs is that new versions of malware and viruses that exploit new vulnerabilities are difficult to detect during a scan. A new piece of malware has no signature, and until one is developed the anti-malware program will not detect it; by then the malware may have caused considerable damage. To control such situations, more sophisticated anti-malware programs have been developed that monitor for known malicious behavioral patterns in addition to signature-based scanning.
- Firewalls
A firewall is responsible for controlling access among devices such as computers, networks and servers. Firewalls are installed between the safe zone and unsafe zones such as the internet. They act by filtering network traffic, allowing authorized traffic and blocking the rest; all network connections must traverse the firewall in order to be filtered and allowed to pass. Firewall rules are defined on the basis of IP addresses and ports, among other parameters. Firewall definitions will be instituted to block unauthorized traffic while allowing the required traffic.
- Encryption
Mail is used extensively in the organization for communication purposes. However, mail servers and mail clients have been targets for attackers because of the networking technology and computing fundamentals associated with email. Encryption is used to protect all outgoing mail. AES is the encryption technique adopted by the company, and every technician is expected to be familiar with it and to provide support to other company employees where necessary to ensure the safe transmission of mail.
Devices communicating over wireless networks will be secured using the 802.11i security protocol with the Advanced Encryption Standard for encryption.
The organization requires sufficient security for its computing resources, and with the implementation of the aforementioned techniques it is expected that security will be top-notch. Once the above procedures and technologies are in use, it is anticipated that the security of the organization will be at an all-time high. Any inquiries can be forwarded to the following address:
Call 02978254892643
Thanks in advance
Regards
System administrator
TROUBLESHOOTING BEST PRACTICES
Troubleshooting procedures are conducted to determine the cause of a problem and devise a solution.
After successfully configuring firewalls on the computer systems, the administrator realized that there had been a number of unsuccessful logins to the FTP server. Upon turning on the firewall’s real-time monitoring program, the administrator saw that a 20MB file was almost fully transferred to an external user. This indicates that an attack is underway.
Despite the security features installed on the company’s computing resources, employees have reported receiving email messages with attachments which, when opened, do not display any content. It is probable that the attachments contain dangerous executable code that will harm the user when opened. This is in spite of the fact that firewall products and two new bastion hosts have been configured in the system.
The administrator reported that one employee said a former employee of the company had sent him an email with a blank attachment. Initial investigation found that the former employee’s account has been active recently and is used to send and receive mail originating from and destined for the company. The former employee was sacked for gross misconduct and irresponsible behavior.
Troubleshooting methodologies
In case 1 it is important to determine the facts before drawing a conclusion. The problem can be troubleshot using the following methodology:
- Analyze the state of the FTP server and the characteristics of the file being transferred
- Isolate the problem and determine whether it is characteristic of all systems or of a particular system
- Check whether the problem is a recurring issue or a new one
- Define the action plan for implementing a solution
- Consult other technical personnel and system administrators
After analyzing the problem using all the required steps, it will be apparent whether an attack is underway.
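As an added example (not from the original document), the first step of the case 1 methodology run over a constructed FTP log: it correlates repeated failed logins with a large download by a client outside the firm’s address space. The log format, the internal address ranges and the 10 MB threshold are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter
# Assumption for this example: the firm's internal space is RFC 1918; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed FTP server log (not a capture from the page): timestamp client action key=value ...
CONSTRUCTED_LOG = """\
2011-03-04T09:12:01 203.0.113.45 LOGIN_FAIL user=admin
2011-03-04T09:12:03 203.0.113.45 LOGIN_FAIL user=admin
2011-03-04T09:12:06 203.0.113.45 LOGIN_FAIL user=backup
2011-03-04T09:12:09 203.0.113.45 LOGIN_OK user=ftpsvc
2011-03-04T09:12:40 203.0.113.45 RETR file=payroll_q1.zip bytes=20971520
2011-03-04T09:15:30 10.0.0.27 RETR file=memo.txt bytes=2048
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(?: (.*))?$")

def parse_lines(text):
    """Parse each line into a dict with ts, client, action and any key=value fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the analysis
        ts, client, action, detail = m.groups()
        fields = dict(kv.split("=", 1) for kv in (detail or "").split() if "=" in kv)
        events.append({"ts": ts, "client": client, "action": action, **fields})
    return events

def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def find_suspicious_transfers(events, fail_threshold=3, min_bytes=10 * 1024 * 1024):
    """Return (client, filename, reasons) for downloads by external clients that are
    large or that follow a burst of failed logins from the same client."""
    fails = Counter(e["client"] for e in events if e["action"] == "LOGIN_FAIL")
    findings = []
    for e in events:
        if e["action"] != "RETR" or not is_external(e["client"]):
            continue
        size = int(e.get("bytes", 0))
        reasons = []
        if size >= min_bytes:
            reasons.append(f"large transfer of {size} bytes")
        if fails[e["client"]] >= fail_threshold:
            reasons.append(f"{fails[e['client']]} failed logins from the same client")
        if reasons:
            findings.append((e["client"], e.get("file", "?"), reasons))
    return findings
```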
In case two, it is not certain whether the email attachments sent to employees constitute an attack. In order to troubleshoot the problem, the following procedures are undertaken:
- Note the exact employees receiving suspicious emails with attachments
- Analyze all the mails with attachments to determine their similarity
- Check for malicious code behind the attachments
- Isolate the source of the emails
- Rule out whether or not an attack is imminent
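The third step of case two, checking what a “blank” attachment really contains, as an added Python example that is not part of the original document. The message is constructed for the example, and the file-type signatures are standard magic bytes used to compare the declared file name with the actual content.

```python
import email
import os
from email import policy
# Constructed message (not a sample from the page). Attachment 1 claims to be a text file but
# its payload starts with the "MZ" signature of a Windows executable; attachment 2 is empty.
CONSTRUCTED_RAW_MAIL = b"""\
From: former.colleague@example.com
Subject: report
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: text/plain; name="report.txt"
Content-Disposition: attachment; filename="report.txt"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1
Content-Type: application/octet-stream; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

--b1--
"""

# Leading bytes that identify the real file type regardless of the claimed name.
MAGIC = {b"MZ": "Windows executable (PE)", b"PK\x03\x04": "ZIP archive or Office document", b"%PDF": "PDF"}
TEXT_EXTENSIONS = {".txt", ".csv", ".log"}

def identify(payload):
    """Return the file type implied by the payload's magic bytes, or None if unrecognised."""
    return next((kind for sig, kind in MAGIC.items() if payload.startswith(sig)), None)

def analyze_attachments(raw):
    """Return (filename, reason) for each attachment that is empty or whose real content,
    judged from magic bytes, contradicts a harmless-looking text extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        kind = identify(data)
        if not data:
            findings.append((name, "empty attachment"))
        elif kind and ext in TEXT_EXTENSIONS:
            findings.append((name, f"{ext} file actually contains {kind}"))
    return findings
```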
In case three, a former employee of the company is suspected of colluding with attackers to launch attacks on the company. Troubleshooting involves determining the persons behind the activity and their motives:
- Investigate the account and the reasons why it was not disabled; question the relevant personnel
- Analyze the communications taking place, including inbound and outbound traffic
- Determine the level of harm
- Design a solution
SOLUTIONS