With the advent of information systems, it is important that there is a secure environment that information systems will operate. Information security is an important concern that should be undertaken. The fundamental characteristics of high speed network with maximum security features are high performance encryption, high encryption packet filtering, proxies and trusted servers. The most crucial is the high-performance encryption and high-performance packet filtering.
Company assets
There are assets which are supposed to be protected by the company. This section will identify these assets. The assets that need to be protected are physical and electronic assets. Computers form the bulk of the physical and electronic assets that the company has. In every task done in the organization computers are mostly used in the same. Therefore the importance of the same cannot be overlooked. Since the company has different branches located in different locations, there is a need for a network. The company therefore has an established network with different network resources. Some of these resources include switches, mainframes, routers, servers and data centers. These are majorly ICT electronic assets owned by the company. ICT assets are at a greater risk in the organization.
Information technology risks that can be seen in this case include loss of a system or networks. There is a risk that some automated systems may fail to carry out their functions as required and as needed. This would most likely and in no doubt affect the organization's ability to carry out its missions and meet the set objectives. The management therefore needs to be included in the overall management of the organizational strategies for managing risk. Without the inclusion of the management and other stakeholders in the ICT departments, it becomes more difficult to identify the problems and risk related to ICT services and equipment especially in situations whereby a remedy need to be established immediately. ICT needs will always change as new technologies emerge (Stallings, 2007). The proliferation of technology and the globalization of the economy not to forget the rate at which the company is expanding will surely mean a rise in divergent IT risks.
Network security architecture
There three issues or concerns in building the MLS network. These are sanitization, covert channels and Bypass. Sanitization is the removal of information that is sensitive from a medium or a document so that it can be transmitted to a large number of audiences. When the network is handling sensitive information, the document clarification level is reduced by sanitization. On the other hand, covert channel is a computer security attack that facilitates the exchange of information between processes that are not permitted by the security policy. A MLS is built on an information system that has high security trustworthy. Often, it is built on a MLS operating system. It involves multi- layer security level that is mandatory.
The network topology utilized in XUMUC’s LAN that links all end systems in the various buildings. LAN technologies , including Ethernet, Token Ring, FDDI, Fast Ethernet, and ATM are the most generally used networks.
The medium XUMUC network design under consideration will comprise of a core in a single L3 Ethernet switch to provide L2 and L3 services to essential devices. The server, client, wireless, and management subnets should be used to support the traffic separation required.
Most of the XUMUC traffic stream through the L3 Ethernet switch thus an NIDS is exploited here to monitor the network traffic. Care should be taken not to oversubscribe the NIDS in order to retain the alarm data. Thus the main fuction of the switch is to acts as a distribution and core layer.
L2 switches will utilize the VLAN to handle the access layer of the users and support diverse domains of trust. VLAN APs will be connected through similar access switches if there is no option provided by the physical cable plant. There should be a separate VLAN for WLAN traffic.
In order to support the identity needs of the edge, XUMUC WLAN identity and the management access to various devices, a AAA server will be required. The server will provide authentication for 802.1x protocols among others.
The XUMUC network diagram is shown below:
POLICIES
Enterprise IS policy
An EISP can be defined as a general securirty policy that supports the mission , vision and direction of the XUMUC towards the set strategic scope and tone for all security efforts. It can also be referred as XUMUC security policy, IT security policy or Information security policy. EISP is an executive two to ten page document drafted by the chief security officers to define the philosophy of security at the XUMUC (Gollmann, 2011)
It’s the EISP that sets the development, implementation and management of the security blueprint program, its constraints and application. An EISP assigns roles to system administrators, information security policies and the users. According to the National Institute of Standards and Technology NIST, EISP defines the general compliance of various components to the set requirements and specifies the penalties and disciplinary actions.
Issue specific security policy ( ISSP)
The implementation of various policies requires guidelines that specify their use in order to reap maximum benefits. ISSP policy is meant to add additional information concerning the overall security posture at the Morgan XUMUC and give guidance on the relevant security procedures. An ISSP is a statement document which gives instruction to employees on proper usage of technology and the specific issues pertaining to security. There are three approaches for creating an ISSP policy.
- Independent ISSP documents
- Single comprehensive document
- Modular ISSP document
Morgan XUMUC Statement of Policy , Violation of Policy and Policy Review and Modification are the examples of ISSP documents
System-Specific Policy (SysSP)
SysSP policies are standards or procedures used for configuration or maintaining systems. For instance the configuration and operation of a network firewall can be done by use of a firewall SysSP policy. The document comprises of a statement of managerial intent that outlines the guidelines for selection, configuration and operation of firewalls and the access level authorization for each user.
SysSP are categorized as managerial and technical but can be combined in a single document (Vacca, 2006). A managerial SysSP is formulated by the management to be used in the implementation of technology and guide people behaviors.The XUMUC policy restricts students from accessing non-academic websites from its network therefore a managerial SysSP is used to implement the firewall according. On the other hand technical SysSP guides the firewall configuration procedure. Each type of equipment in the XUMUC requires different policies which are used to translate the management intent into the enforceable technical approach.
An enterprise IS policy is a policy document that facilitates the and promote the information security in a global company enterprise. It describes the high level security objectives issued to all company employees and objectives. The scope of the policy includes all users and equipment that an enterprise company manages and all the third parties that transact business with the XUMUC. The policy document applies to any person accessing the Morgan XUMUC systems but not limited to consultants, temporary visitors, networks owned by the XUMUC and all information sensitive in nature and not public either in possession or in control of the learning institution.
Application security policy
An application security policy outlines the security measures that relate to applications in possession of an organization. System life cycle defines this model process. Software development and implementation for purchased or internally developed applications must include appropriate security controls and audit capabilities to prevent the loss, modification , corruption or misuse of the XUMUC software assets. Each application consist of attributes that can be adapted to the desired security needs. Some application have access control based on the attributes it is assigned. The validation functions checks the metadata tables to confirm attribute combination are in line with security policies.