This organization suffers from a number of security issues that need immediate mitigation plans. There has been a series of network security breaches, including unauthorized access to the network and employees being asked for their passwords by persons purporting to work in the IT department. As a result, the organization requires an effective authentication strategy that ensures only authorized personnel access the network. Likewise, employees need to be sensitized to the importance of keeping their credentials safe: they should understand that usernames and passwords protect their personal security as well as that of the company. Thus, through a sensitization campaign, all employees will be taken through a learning process aimed at keeping security at a maximum.
In that respect, as the system analyst for the organization, I recommend the following authentication strategies, which if implemented will ensure that company employees and other resources are safe from misuse and other vulnerabilities:
- Network access control
- Username and Password Authentication
These two authentication policies benefit the organization in the following ways:
- Aid in the management of organizational computing systems, staff, partners and visitors
- Protect information held on the organization's computer and telephone networks and any other organizational system
- Provide a framework for tracking, monitoring and investigating compliance with regulations and legislation
NETWORK ACCESS SECURITY POLICY
The organization owns, controls and fully supports the communication network. In order to properly secure and protect the network against attacks and malicious threats, the following standards are in effect:
This policy applies to all devices connected to the network.
Do not share USERNAMES AND PASSWORDS.
The organization activates all data jacks and requires a one-to-one mapping between a port and a single computing device or printer. It is against the rules for any user or IT support staff to connect a network connectivity device such as a router, wireless adapter or hub in sharing mode to multiple computers. THIS IS TOTALLY UNACCEPTABLE.
The organization runs enterprise DHCP servers which allocate IP addresses only to registered users, and no local DHCP server is permitted. In order to maximize network stability and security, it is prohibited for any user or IT professional to run a local DHCP server.
In the scenario where a printer or computer is misbehaving on the network, the organization's system analyst will liaise with the department's administrator or owner to solve the problem; if no progress is made, he or she has the sole discretion to disconnect the device remotely.
Currently, the organization controls where wireless connectivity is deployed. Users in the main commercial block are allowed to use wireless communication after registering with the administrator and having their accounts authenticated with the necessary security protocols. Users who require wireless connectivity in spaces not covered are required to make a written request to the Office of the Chief Administrator. Users should desist from installing their own access points or using Internet sharing software.
Users should not connect to the organization's network without requesting an IP address.
The allocated IP address should be treated like a postal mailing address and should not be changed under any circumstances.
All projects classified as network intensive must be discussed with the system analyst before access is granted. If the user's needs can be accommodated by the organization's infrastructure, the user will be registered as a legitimate intensive user; otherwise, the user will be blocked.
All users are requested to read and understand their responsibilities at www.organizationsecurity.net
All users need to understand the personal risks involved in illegal file sharing.
Network policies may be changed at any time to meet the required security and infrastructure needs.
The organization reserves the right at all times to block any or all IP addresses, network devices, switches and other equipment without notice when deemed necessary during critical network problems. Notice will be given where possible.
USERNAME AND PASSWORD MANAGEMENT
Managing user accounts and passwords is essential to the overall security of the organization. Usernames and passwords are the means by which legitimate users are identified when accessing the organization's resources.
User account policies
All company employees are issued with a username once they join the organization.
The system administrator has the overall mandate to assign usernames to new users.
Users are required to change their initial credentials at the first login.
The system administrator audits and monitors dormant usernames. A username that is dormant for a period exceeding six months is permanently deregistered. Once deregistered, re-registration of the user is at the sole discretion of the system administrator.
The system administrator has the mandate to lock a user account for whatever reasons are deemed necessary under the law.
Password management
Upon first login, a user is required to change their password.
Passwords are required to be complex yet easy for users to remember.
The system administrator will enforce a password history mechanism to ensure that old passwords are not reused. Users are also not allowed to change their passwords immediately after setting a new one; this is enforced through a minimum password age policy, which together with the history mechanism prevents a user from cycling straight back to an old password.
The system administrator will enforce a password expiry policy that guards against the use of a single password for a long period of time. Users will be required to change their passwords periodically, after a period not exceeding six months.
The system administrator will disable an account after five unsuccessful login attempts. This five-strikes policy is intended to prevent password-guessing attacks: once a user has failed to log in five times, the account is locked by default and the user must report to the system administrator after 24 hours to have it reset.
When a new account is created, an account expiry and new account creation policy is enforced: users are prompted to change their password on any new or additional account.
The number of failed login attempts will be displayed to give users a tracking history before they are locked out.
The last successful login will be displayed to enable users to track their last account use.
Each password must contain characters from the following classes:
- Upper-case letters (A, B, C, D, E ...) and lower-case letters (a, b, c, d ...)
- Digits (1, 2, 3, 4, 5, 6 ...)
- Special characters such as $ @ & + = ( ) % > < : " ; '
- Punctuation such as ? " , : ;
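The account and password rules above (first-login change, history, minimum and maximum age, five-strikes lockout with a 24-hour administrator reset, failed-attempt counter and last-login display) can be expressed as code. The following Python is an added example written for this page, not a system the organization runs; the history depth, the one-day minimum age and the PBKDF2 hashing are assumptions, and the usernames and passwords in the usage are made up.

```python
"""Account and password policy checks modelled on the rules above.
Added example; history depth, minimum age and the hash are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MIN_LENGTH = 16                 # memo: "more than 15 characters"
MAX_AGE = timedelta(days=180)   # policy: change within six months
MIN_AGE = timedelta(days=1)     # assumption: no second change within a day
HISTORY_DEPTH = 5               # assumption: last five passwords are blocked
MAX_FAILURES = 5                # policy: five-strikes lockout
LOCKOUT = timedelta(hours=24)   # policy: administrator reset after 24 hours


def complexity_errors(password: str) -> list[str]:
    """Return the policy rules a candidate password breaks (empty list = OK)."""
    checks = [
        (len(password) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "an upper-case letter"),
        (any(c.islower() for c in password), "a lower-case letter"),
        (any(c.isdigit() for c in password), "a digit"),
        (any(not c.isalnum() for c in password), "a special or punctuation character"),
    ]
    return [f"needs {rule}" for ok, rule in checks if not ok]

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    changed_at: datetime
    must_change: bool = True                     # forced change at first login
    history: list = field(default_factory=list)  # (salt, digest) of old passwords
    failures: int = 0
    locked_until: Optional[datetime] = None
    last_login: Optional[datetime] = None

def create_account(username: str, initial_password: str, now: datetime) -> Account:
    """The administrator issues the username together with an initial password."""
    salt = os.urandom(16)
    return Account(username, salt, _hash(initial_password, salt), now)

def _matches(acct: Account, password: str) -> bool:
    return hmac.compare_digest(acct.digest, _hash(password, acct.salt))

def change_password(acct: Account, old: str, new: str, now: datetime) -> list[str]:
    """Apply complexity, history and minimum-age rules; return errors (empty = changed)."""
    if not _matches(acct, old):
        return ["current password is wrong"]
    errors = complexity_errors(new)
    if not acct.must_change and now - acct.changed_at < MIN_AGE:
        errors.append("password was changed too recently (minimum age)")
    for salt, digest in acct.history + [(acct.salt, acct.digest)]:
        if hmac.compare_digest(digest, _hash(new, salt)):
            errors.append("password was used before (history)")
            break
    if errors:
        return errors
    acct.history = (acct.history + [(acct.salt, acct.digest)])[-HISTORY_DEPTH:]
    acct.salt = os.urandom(16)
    acct.digest = _hash(new, acct.salt)
    acct.changed_at, acct.must_change = now, False
    return []

def login(acct: Account, password: str, now: datetime) -> tuple[bool, str]:
    """Five-strikes lockout, failed-attempt counter and last-login display."""
    if acct.locked_until is not None:
        return False, "account locked: report to the system administrator after 24 hours"
    if not _matches(acct, password):
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT
            return False, f"account locked after {acct.failures} failed attempts"
        return False, f"invalid password ({acct.failures} of {MAX_FAILURES} failed attempts)"
    previous, acct.last_login, acct.failures = acct.last_login, now, 0
    note = f"last successful login: {previous or 'never'}"
    if acct.must_change or now - acct.changed_at > MAX_AGE:
        return True, f"password change required; {note}"
    return True, note

def admin_unlock(acct: Account, now: datetime) -> bool:
    """The administrator may reset the account only once the 24-hour lockout has elapsed."""
    if acct.locked_until is None or now < acct.locked_until:
        return False
    acct.locked_until, acct.failures = None, 0
    return True
```

The lockout is deliberately not self-clearing: the policy says the user reports to the administrator after 24 hours, so only admin_unlock removes it. The minimum-age rule is skipped while must_change is set, otherwise the forced first-login change would itself be blocked.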
MEMORANDUM TO ALL COMPANY EMPLOYEES
In today's society, given the evolving sophistication of malicious criminals, the organization's security must take first priority. Attackers are equipped with state-of-the-art hardware, software and techniques that they use to crack even the toughest security measures. In that light, it is important that every user in the organization adopts best practices that ensure continued safety and well-being.
This memo is in response to recent findings of security breaches and malpractices in the organization. The recent reports that persons purporting to work in the IT department have been requesting employee passwords are worrying, as are the reports of unauthorized network access. While investigations into the identity of these persons, the motive of their attack on the network and the possible damage inflicted (if any) proceed, it is important that employees play their part with regard to security.
In this respect, and acting under my mandate as the System Analyst, I would like to bring to your attention the following best practices that will ensure sufficient security for our organization.
- Every employee should be cautious in the way they handle email attachments and untrusted sites. Email attachments are used by attackers to launch malware attacks on the organization's computers, and this can happen without the user noticing once they open the attachment or click an untrusted link. Once malware enters the network it can spread to the connected computers, enabling the attackers to control, steal, alter and otherwise misuse the data and information held there. Users are therefore advised to exercise caution when opening mail attachments. Some messages purport to originate from people you know in the organization (for example the System Administrator) and carry sensational names, misspellings and enticing messages, for example "Hey, I saw the hot picture you sent me". You are advised to avoid clicking on or opening such mail and instead to report it to the System Analyst as soon as possible.
- It is common knowledge that sharing sensitive information, even with trusted friends and relatives, is a recipe for security compromise. Every employee is required to desist from sharing any sensitive information with persons claiming to work in the IT department. Passwords, usernames and other sensitive information are personal and should not be shared with anyone under any circumstances; legitimate IT staff do not need your password to do their work. Any person requesting such sensitive information and claiming to work in the IT department should be reported immediately to any security personnel or supervisor.
- Every employee of this company is required to use strong passwords for every authentication process. As a basic principle, each password should combine lower-case and upper-case letters, digits and special characters. Passwords should be long, more than 15 characters, and should not contain dictionary words, names of common places, persons or events, or the names of close family members or relations. Social engineering incidents have been witnessed in the past where intruders physically lifted passwords off a Post-It beneath someone's keyboard or obtained them through a faked call from the IT department. Those instances should serve as a warning to anyone writing or storing passwords under the keyboard at their workstation. For more details about forming passwords, feel free to visit the Chief Security Administrator and consult the reference manuals on the company's notice boards and at www.organizationsecurity.net.
- Finally, all employees are advised to keep up with the physical security measures that have been instituted. Every employee is required to use his or her own electronic door-pass tag when entering and leaving the company premises. All employees are also required to undergo physical security searches when entering and leaving the premises to ascertain that they are not carrying unauthorized materials or devices.
With the implementation of the above practices, the security of the company's resources and employees is expected to be at its highest, for continued operation and success.
Regards
SA Call 0704825398256 or Email
MEMORANDUM TO ALL IT TECHNICIANS
IT personnel are required to stay abreast of prevailing security attacks and prevention systems to remain effective. Specifically, each technician is expected to undertake a one-week refresher induction in the following areas:
NETWORK INTRUSION DETECTION AND PREVENTION
The goal of IT personnel is to prevent unauthorized access to the network and its traffic. Because the organization is not immune to intrusion, intrusion detection and prevention systems must be in place on the company's network. The organization has a host-based intrusion detection mechanism and a network-based intrusion detection and prevention system. To get the best out of these systems, all IT personnel are expected to monitor them continuously and to keep the baseline of valid network data and the signature sets up to date so that anomalies are detected. Since the systems automatically raise an alert when an anomaly occurs, IT technicians are required to report to the System Analyst as soon as possible and follow the troubleshooting procedure; an alert that nobody reviews provides no protection.
DATA BACKUPS
The organization has implemented a VPN to connect the headquarters and the remote offices. To back up its data and information effectively, IT personnel are expected to manage the backup and recovery procedures over the VPN. In case of a disaster, the VPN data backup and recovery plan will be put into effect immediately. The organization runs a backup service designed to provide remote users with secure data backup from their remote locations; the service is limited to the organization's VPN and IT personnel are required to adhere to this provision at all times. IT personnel are also responsible for the daily backups and updates, which must be completed in a timely manner, and restores should be tested periodically, since a backup that has never been restored cannot be assumed to work. In case of any problem, a written report should be submitted to the Systems Administrator in the shortest time possible.
DISASTER RECOVERY PLAN
The organization faces potential disaster scenarios including fire, cyber attacks, power blackouts and system breakdowns. To that effect, IT personnel are required to do the following in such scenarios:
In case of a fire, IT personnel will set up an emergency operations centre with 24-hour support delivered on a rotational basis among all staff. Together with other personnel, they should organize the evacuation of people and critical resources in the least time possible.
The IT department will be responsible for setting up an incident command system tasked with providing an integrated response and communication.
In liaison with other departments, the IT department will determine suitable recovery time objectives (RTO) and communicate the available and necessary resources, including offsite workstations and backups.
REMOTE ACCESS
The IT department will configure secure system access for remote and telecommuting staff. Network resources have often been compromised through remote access platforms; to prevent these attacks, remote access will be managed by qualified IT professionals. IT staff will be tasked with the management of VPN-based intranets and extranets through Windows-based NAT solutions.
IT personnel should ensure that the global backup and restore functionality provided through the VPN service is always up and running for each branch of the business and for telecommuting employees. A customized solution known as remote-user-VPN will be installed on each telecommuting employee's laptop, and a username and password issued under the supervision of IT personnel. As a security precaution, the solution will be configured, with your help, to provide daily backups to servers located at strategic locations outside the organization's premises. The System Analyst in each branch will recommend the configuration settings for each location according to workload capacity.
Regards
SA Call 0704825398256 or Email
TROUBLESHOOTING
A fire is reported at one of the company's branches during the night. The branch manager is woken by calls from the police and the fire department about the fire. During the previous business day all was well and there was no sign that a fire was imminent. The company's data is always backed up at night after close of business.
An employee of the company reports receiving an email from the account of an employee who passed away a year earlier. The email contains attachments and instructions to log in to the company's server, purportedly to obtain more scandalous information about the branch manager. The revelation has caused a lot of tension in the company; employees are suspicious of each other and some cite demeaning superstitions.
A procurement manager in the organization recently bought some computing devices through eBay. After a week, he received a message apparently from the same company requesting payment for the goods before shipping, contrary to the earlier agreement. The officer was required to make an online transfer for the goods to be shipped in the shortest time possible (7 days), again contrary to what had been agreed. Since the company needed the supplies as soon as possible, the procurement manager decided to consult management without proceeding with the payment.
TROUBLESHOOTING PROCEDURES AND SOLUTIONS
Troubleshooting procedure for the branch fire
- Set up an incident response team and a temporary operations centre
- Check the backup and recovery devices to determine how much was backed up before the fire
- Take statements from security personnel to determine the cause of the fire
- Conduct a forensic audit of the premises to gather evidence
Solution
Implement backup and recovery procedures outside the company premises, so that a fire at one site cannot destroy both the systems and their backups
The second scenario is suspected to be a case of a malicious insider.
Troubleshooting methodology
- Identify exactly which employees received the suspicious email with attachments
- Study all the messages and determine the computers they were sent from, the time, and the account details
- Check whether the deceased employee's account was deregistered and, if it is still active, who might have revived it; if it was never deregistered, find out why and narrow in on the relevant parties
- Check the attachments for malicious code
- Isolate the specific sources of the emails
Solution
Implement strict registration and deregistration policies for usernames and passwords
Discipline any colluding insiders
The email in the third scenario is suspected to be illegitimate, sent by attackers. The investigation proceeds as follows:
Troubleshooting methodology
- The mail contains a link to a payment page. Upon consultation, the manager is advised against clicking on the link.
- The manager hovers the mouse pointer over the name in the From column and finds the underlying address to be at eBoy.com rather than eBay.com
- On checking the messages in My eBay, as the company recommends, the mail is missing
- The message body is an image, contrary to the norm
Thus, this was a spoofed mail.
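The two mail investigations above (the message from a deceased employee's account and the look-alike eBay payment demand) come down to a handful of checks on the message itself: who the sender really is behind the display name, which host handed the message to our server, whether the body is an image with no text, where its links point, and whether it carries executable attachments. The Python below is an added example, not the organization's own tooling; both messages are constructed samples, every address, hostname and IP in them is made up, and the list of deregistered accounts is hypothetical.

```python
"""Triage of suspicious e-mail, as an added example for the two cases above.
Both messages are constructed; all names, hosts and addresses are made up."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"ebay.com"}            # brands a sender may legitimately claim
DEREGISTERED = {"j.mwangi@example.org"}   # hypothetical list from the user directory
RISKY_SUFFIXES = (".exe", ".scr", ".js", ".vbs", ".bat")
# host and IP of the hop that handed the message to our mail server
HOP_RE = re.compile(r"from\s+(\S+)\s+\([^\[]*\[([\d.]+)\]")

SAMPLE_EBAY = """\
Return-Path: <billing@eboy.com>
Received: from mail.eboy.com (mail.eboy.com [198.51.100.7]) by mx.example.org; Mon, 4 Mar 2024 10:02:11 +0000
From: "eBay Billing" <billing@eboy.com>
To: procurement@example.org
Subject: Payment required before shipping
Date: Mon, 4 Mar 2024 10:02:00 +0000
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><a href="http://ebay.com.secure-pay.example/pay"><img src="cid:body"></a></body></html>
--b1
Content-Type: image/png
Content-ID: <body>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

SAMPLE_INSIDER = """\
Received: from ws-0417.corp.example.org (ws-0417.corp.example.org [10.20.4.17]) by mail.example.org; Tue, 5 Mar 2024 22:41:03 +0000
From: j.mwangi@example.org
To: all-staff@example.org
Subject: More about the branch manager
Date: Tue, 5 Mar 2024 22:40:58 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Log in to the server to see the rest.
--b2
Content-Type: application/octet-stream; name="details.scr"
Content-Disposition: attachment; filename="details.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b2--
"""


def triage(raw: str) -> dict:
    """Extract sender, origin hop, attachments and a list of red flags from one message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    hops = msg.get_all("Received") or []
    hop = HOP_RE.search(str(hops[-1])) if hops else None   # last Received = first hop
    text, links, attachments, images = "", [], [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_filename():
            attachments.append(part.get_filename())
        elif ctype == "text/plain":
            text += part.get_content()
        elif ctype == "text/html":
            html = part.get_content()
            links += re.findall(r'href="([^"]+)"', html)
            text += re.sub(r"<[^>]+>", "", html)      # visible text only
        elif ctype.startswith("image/"):
            images += 1
    flags = []
    for trusted in TRUSTED_DOMAINS:                    # "eBay" shown, eboy.com underneath
        if trusted.split(".")[0] in name.lower() and domain != trusted and not domain.endswith("." + trusted):
            flags.append(f"display name '{name}' but sender domain is {domain}")
    if addr in DEREGISTERED:
        flags.append(f"sender {addr} is a deregistered account")
    if images and not text.strip():
        flags.append("message body is an image with no text")
    for link in links:
        host = (urlparse(link).hostname or "").lower()
        if not any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS | {domain}):
            flags.append(f"link points to untrusted host {host}")
    for fn in attachments:
        if fn.lower().endswith(RISKY_SUFFIXES):
            flags.append(f"executable attachment {fn}")
    return {"sender": addr, "display_name": name, "date": str(msg["Date"]),
            "origin_host": hop.group(1) if hop else None,
            "origin_ip": hop.group(2) if hop else None,
            "attachments": attachments, "flags": flags}
```

The origin host and IP come from the last Received header, which is the hop closest to the sender; in the insider case that points at a specific workstation on the internal network, which is where the "which computer was it sent from" step of the investigation starts.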
Solution
To reduce spoofing, the organization can implement ingress filtering on its routers using unicast reverse path forwarding, which relies on Cisco Express Forwarding, so that packets whose source addresses could not legitimately arrive on that interface are dropped.
The organization also needs to install a firewall and bastion hosts that block packets whose source addresses do not match the trusted address ranges. Note that these controls act on IP source addresses; the spoofed mail above forged the sender name and address, which is caught at the mail gateway by sender authentication checks (SPF, DKIM and DMARC) rather than by packet filtering, so both layers are needed.
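Ingress filtering of this kind is unicast reverse-path forwarding (uRPF): on Cisco IOS it is enabled with "ip cef" globally and "ip verify unicast source reachable-via rx" on the interface, and the check is that the route back to a packet's source address must leave through the interface the packet arrived on. The Python below is an added simulation of that decision, combined with the BCP 38 rule that the organization's own addresses never arrive from the Internet and foreign addresses never leave an internal interface. It is not the page's or Cisco's code; the routing table, interface names and addresses are constructed for the example.

```python
"""Strict uRPF plus BCP 38 ingress filtering, as an added simulation.
Routing table, interface names and addresses are constructed for the example."""
import ipaddress

EDGE_IF = "Gi0/0"   # assumed interface facing the ISP
# constructed routing table as (prefix, egress interface); longest prefix wins
ROUTES = [
    ("0.0.0.0/0", EDGE_IF),        # default route to the Internet
    ("10.20.0.0/16", "Gi0/1"),     # headquarters LAN
    ("10.30.0.0/16", "Tunnel0"),   # remote office reached over the VPN
]
OWNED = [ipaddress.ip_network("10.0.0.0/8")]   # address space the organization owns


def route_interface(ip: ipaddress.IPv4Address) -> str:
    """Longest-prefix match: the interface a packet *to* this address would leave by."""
    best_net, best_if = None, None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, iface
    return best_if


def ingress_verdict(src: str, ingress_if: str) -> str:
    """Decide whether a packet with source `src` arriving on `ingress_if` is accepted."""
    ip = ipaddress.ip_address(src)
    owned = any(ip in net for net in OWNED)
    # BCP 38: our addresses never arrive from the ISP, foreign addresses never from inside
    if owned and ingress_if == EDGE_IF:
        return "drop: internal source address arriving from the Internet"
    if not owned and ingress_if != EDGE_IF:
        return "drop: foreign source address leaving an internal interface"
    # strict uRPF: the reverse path to the source must use the interface it came in on
    expected = route_interface(ip)
    if expected != ingress_if:
        return f"drop: uRPF, reverse path to {src} is via {expected}, not {ingress_if}"
    return "accept"


CONSTRUCTED_PACKETS = [
    ("198.51.100.7", "Gi0/0"),   # normal Internet traffic
    ("10.20.4.17", "Gi0/0"),     # spoofed: our own LAN address from the ISP link
    ("10.20.4.17", "Gi0/1"),     # normal LAN traffic
    ("198.51.100.7", "Gi0/1"),   # spoofed: foreign address injected from the LAN
    ("10.30.1.5", "Tunnel0"),    # normal VPN traffic from the remote office
    ("10.30.1.5", "Gi0/1"),      # remote-office address appearing on the HQ LAN
]

if __name__ == "__main__":
    for src, iface in CONSTRUCTED_PACKETS:
        print(f"{src:>14} on {iface:<8} -> {ingress_verdict(src, iface)}")
```

The last constructed packet shows why strict uRPF is stronger than the ownership rule alone: the address is one the organization owns, yet it appears on the wrong internal segment. Strict mode assumes symmetric routing; on links where return traffic may take a different path, loose mode ("reachable-via any", which only requires that some route to the source exists) avoids dropping legitimate traffic.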