Computer and Network Security Plan

MADS6638Dr. Eamon P. DohertyDecember 4, 2011

Password:CarlosGómez

With the explosion of the public Internet and e-commerce, private computers, and computer networks, if not adequately secured, are

increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and present dangers to networks. And all computer users, from the most casual Internet surfers to large enterprises, could be affected by network security breaches. However,

security breaches can often be easily prevented. How?

INTRODUCTION

When setting up a network, whether it is a local area network (LAN), virtual LAN (VLAN), or wide area network (WAN), it is important to initially set the

fundamental security policies. Security policies are rules that are electronically programmed and stored within security equipment to control such areas as access privileges. Of course, security policies are also written or verbal regulations by which an organization operates or your home. In

addition, companies must decide who is responsible for enforcing and managing these policies and determine how employees are informed of the rules and watch guards. At home, you are responsible for security policies.

With a good: Security Policies

Network Security Policies

Like a building, a network requires multiple layers of protection to be

truly secure.

The Clean Desk Test: What's Wrong with This Picture?

Can you point out in the picture, of

security policies who were violated

VIOLATIONS RISK SUGGESTED POLICIES

Personal effects including a bank

statement (3), checkbook (4) and

mail (5) left on desk. Briefcase (6) left open near desk.

Bank statements include account numbers and other

personal identifiers; mail carries home addresses and could reveal private information;

checkbook contains a history of financial transactions. Unlocked briefcases can have items stolen from them if employee leaves

the area.

• Lock briefcases and cabinets when away from desk for extended periods.

• Keep all personal effects in a locked briefcase or locked cabinet devoted to personal effects

Personal Data

VIOLATIONS RISK SUGGESTED POLICY

Day planner (1) and Rolodex (2) left on

desk.

Personal and professional information - including phone numbers, passwords, or notes on meeting times, places and

subjects—is vulnerable.

Store day planners and notebooks in a locked drawer or take them when away from desk for extended

periods of time, including overnight.

Proprietary Data

VIOLATIONS RISKS SUGGESTED POLICIES

Keys (7), cell phone (8), PDA (9) and building

access card (10) left on desk.

Cell phones can be stolen or have their call histories compromised.

Stolen keys give intruders access to restricted areas of the office. PDAs

contain sensitive personal and professional data. Stolen access cards can be used for continued

access to the building.

•Keep devices with you, and lock cell phones and PDAs with a pass code.

•Never leave your access cards or keys out anywhere; always keep them with you.

• Notify security staff immediately if access cards or keys are missing.

Access Tools

VIOLATIONS RISKS SUGGESTED POLICIES

Applications left open on computer (11), CD left in computer (12), passwords on sticky note displayed on

monitor stand (13), printouts left in printer

(14).

Access to personal or sensitive corporate e-mail or passwords can allow ongoing access and intrusion.

CD left in drive and data on printouts can be stolen. Cache files

for applications and printer can yield sensitive data one might have

thought wasn't preserved.

• Close applications and turn off your monitor when you leave your desk.

• Do not leave portable media such as CDs or floppy disks in drives.

• Enable a password-protected screen saver.• Turn off your computer when you leave for extended

periods.•Never write your passwords on a sticky note nor try to hide

them anywhere in your office.• Remove printouts from printers before leaving your office.• Shred sensitive printouts when you are done with them.• Clear cache files on computer and memory on devices like

printers regularly.

IT Tools

VIOLATIONS RISK SUGGESTED POLICIES

Desk positioned so it's partially exposed to

window and view from the hallway (15). Whiteboard with

sensitive data on it viewable from hallway

and window (16).

Window exposure could enable spying from other buildings.

Hallway exposure could allow unauthorized access if data, such as

a password, is written on a whiteboard.

• Desks and furniture should be positioned so that sensitive material is not visible from either the windows or the

hallway.• Close blinds on windows.

• Use a screen filter to minimize the viewing angle on a computer monitor.

• Erase whiteboards; if data on whiteboards needs to be saved, use electronic whiteboards or employ shutters.

Spatial Misconfigurations

VIOLATIONS RISK SUGGESTED POLICIES

File cabinet drawer open (17) and keys left in lock (18). Trash bin

contains loose-leaf paper (19). Bookshelf contains binders with sensitive information

(20).

Folders in cabinet are eminently stealable. Keys allow for ongoing

access and the ability to return files, so it's hard to detect theft. E-mails, other sensitive paper in trash bin

can be stolen after-hours or found in the Dumpster outside. Binders on

shelf, clearly marked as sensitive, are also available for "borrowing,"

making the theft of the information hard to detect.

• Do not use bookshelves to store binders with sensitive information. Label those binders prosaically and lock them

up.• Arrange folders in file cabinets so that the least sensitive

are in front, most sensitive in back.• Keep file cabinets closed and locked. Do not leave keys in

their locks.• Shred paper before throwing it away. Participate in a

corporate-wide shredding program.• Lock your office door when you're gone for extended

periods.

Beyond Desk

After the potential sources of threats and the types of damage that can occur have been identified, putting the proper security policies and safeguards in place

becomes much easier. Organizations have an extensive choice of technologies, ranging from anti-

virus software packages to dedicated network security hardware, such as firewalls and intrusion detection systems, to provide protection for all areas of the

network.

Security Tools

Now we know what is:

SECURITY POLICYIn business, a security policy is a document that states in writing how a company plans to protect

the company's physical and information technology (IT)

assets. A security policy is often considered to be a "living

document", meaning that the document is never finished, but

is continuously updated as technology and employee requirements change. A

company's security policy may include an acceptable use policy,

a description of how the company plans to educate its

employees about protecting the company's assets, an explanation

of how security measurements will be carried out and enforced, and a procedure for evaluating

the effectiveness of the security policy to ensure that necessary

corrections will be made.

My Home NetworkMy home network is very simple since it only has a TV, Phone, computer and printer, I have to share with my children as you know the economic situation is not very good. My Internet provider is VerizonSo I will try to give more information, about what is a good network.

Verizon MI424WR Router

Internet

Home Network Setup for FiOS Internet With a home network, your entire household can share one Internet connection with several computers; giving everyone access to the Internet at the same time. You can share access to

printers, files, folders, and other hardware devices like scanners and fax machines.

There are two types of networks: Wired and Wireless. A wired network allows you to connect multiple computers in your home using cables between each computer. A wireless network allows you to connect computers without using cables between each computer.

Who should use a home network?Homes with multiple computersPeople who bring work laptop homeTelecommuters working from homeRoommatesSmall home offices

File sharing - Network file sharing between computers gives you more flexibility than using floppy drives or Zip drives. Not only can you share photos, music files, and documents, you can also use a home network to save copies of all of your important data on a different computer. Backups are one of the most critical yet overlooked tasks in home networking.

Printer / peripheral sharing - Once a home network is in place, it's easy to then set up all of the computers to share a single printer. No longer will you need to bounce from one system or another just to print out an email message. Other computer peripherals can be shared similarly such as network scanners, Web cams, and CD burners.

Internet connection sharing - Using a home network, multiple family members can access the Internet simultaneously without having to pay an ISP for multiple accounts. You will notice the Internet connection slows down when several people share it, but broadband Internet can handle the extra load with little trouble. Sharing dial-up Internet connections works, too. Painfully slow sometimes, you will still appreciate having shared dial-up on those occasions you really need it.

Question: What Are the Benefits of Networking?

Answer: The benefits of networking (either wired or wireless) in homes are:

Multi-player games - Many popular home computer games support LAN mode where friends and family can play together, if they have their computers networked.

Internet telephone service - So-called Voice over IP (VoIP) services allow you to make and receive phone calls through your home network across the Internet, saving you money.

Home entertainment - Newer home entertainment products such as digital video recorders (DVRs) and video game consoles now support either wired or wireless home networking. Having these products integrated into your network enables online Internet gaming, video sharing and other advanced features. Although you can realize these same benefits with a wired home network

Answer: The benefits of networking (either wired or wireless) in homes are:

Verizon Home Monitoring and Control

Your home automation solution lets you monitor your home environment to help safeguard your family and budget. The

system is easy to customize and install. Then control it through a password-protected website for just $9.99 per

month.

In networking, the communication language used by computer devices is called the protocol. Yet another

way to classify computer networks is by the set of protocols they

support. Networks often implement multiple protocols to support specific applications. Popular

protocols include TCP/IP, the most common protocol found on the Internet and in home networks.

Many of the same network protocols, like TCP/IP, work in both wired and wireless networks. Networks with Ethernet cables predominated in businesses, schools, and homes for several decades. Recently, however, wireless networking alternatives have emerged as the premier technology for building new computer networks.

Network Protocols

Wired vs Wireless Networking

Answer: Wireless networks utilize radio waves and/or microwaves to maintain communication channels between computers. Wireless networking is a more modern alternative to wired networking that relies on copper and/or fiber optic cabling between network devices. A wireless network offers advantages and disadvantages compared to a wired network. Advantages of wireless include mobility and elimination of unsightly cables. Disadvantages of wireless include the potential for radio interference due to weather, other wireless devices, or obstructions like walls.

Question: What is Wireless Computer Networking?

If you're looking for life in the fast lane, and are interested in delving into the world of high-speed internet access for your home or office, there are two main contenders: DSLCableThe services are similar in that they'll offer you super-fast Web surfing; at least three times as fast as dial-up. They'll also allow you to download files, stream video or send sizable emails multiple times faster than dial-up. So, you can finally send those pictures of your kiddies to mom and dad.

Introduction to Cable and DSL

Cable Versus DSL on BandwidthWinning the bandwidth or speed battle is usually 'Cable' modem Internet services. Cable download speeds are up to 2 times faster than DSL. But cable services can slow down significantly if many people are accessing the Internet at the same time in the same area. Basically, the same cable line often connects to many households in your neighborhood, so if you and your neighbor are both using the service at once, your speed may suffer and become more sluggish. That's also the reason why cable modem services may not always be as secure as DSL.

Cable Versus DSL on SecuritySince cable uses a shared line, anyone in your neighborhood could potentially access the same local area network or LAN that you use, and be able to click on your Windows Network. That means they could see your personal information or even download copies of your data. Make sure to put the proper security measures in place - like a firewall and anti-virus software - no matter which service you decide on. So, winning the battle over best security, definitely DSL!

Cable Versus DSL on InstallationWhen it comes to installation, cable has a leg up. All you have to do is call the cable guy and get the new line installed and then you connect the line to your modem. It's as easy as hooking up your VCR to your television.With DSL you'll need a phone line and it may require you to take multiple steps on your computer after you install the DSL modem that the phone company provides. You may also be required to put filters on all of your additional phone jacks.

General SecurityRegularly update your operating system, web browser, and other key software, using the manufacturers' update features or web downloads .

Do not open an email attachment, even from someone you know well, unless you know what it contains .

Configure your computer to show file name extensions so you are certain what type of file you are working with.

Configure your computer to not share files over your Internet connection .

Create a floppy boot disk as part of an emergency recovery plan.

Do not respond to spam email - you are only confirming to the spammer that they have a valid address.

Configure your email software to not use automatic preview in your default Inbox - this may execute an undesired script or applet .

Make regular backups of important data - a CD burner is great for this Keep a list of the programs installed on each computer with the installation disks in a known location Make sure all passwords are strong with: at least eight characters of mixed case, include at least one numeral (not at either end), include at least one special character, and do not include common words; and change them at least every six months Run all wireless networks with WEP enabled and treat your boundary security as if you were wired Be aware that email and the web is not the only connection to the Internet you may use - check for instant messaging (IM) and chat (IRC) programs also

Recommendations Summary

FirewallUse a firewall to protect all your computers all of the time.

Configure the firewall correctly to restrict the maximum number of avenues into your machine (do not assume the manufacturer defaults are correct for your situation)

Configure the firewall to operate in stealth mode.

Ensure the firewall will email alerts and logs to an account that you monitor.

VirusInstall antivirus software on every machine Configure the antivirus software to automatically download updates at frequent intervals Configure the antivirus software to automatically scan the computer daily for viruses (optimally after the update check) Manually scan disks with antivirus software before you use disks from an outside source, including manufacturer's installation disks Manually scan with antivirus software when you suspect you may have been infected Do not forward any email warning about a new virus since it is likely a hoax or outdated

SoftwareIf a hardware firewall is inappropriate, then a software firewall is required. Dr. Eamon, recommended Zone Alarm from Zone Labs (http://www.zonelabs.com/). It is free for personal use. The advanced version is Zone Alarm Pro. It adds some compelling features that you should consider. I run Zone Alarm Pro on my home networked computer as well. Here is a good summary piece on software firewalls from http://www.epinions.com/content_2003411076.

Security ScanningOnce you have a firewall system set up, how do you know it is secure? This will require an external scan. One site that offers such a service for free is at http://grc.com/default.htm. Gibson Research Corporation offers their free Shields UP! service (scroll down the main page to find the link). This scanning service will test your computer's security and provide you with a detailed report and links to more information. It is very reliable and accurate, and is highly recommended by Dr. Eamon.

Antivirus ProtectionEvery computer should be running some form of antivirus software, without exception. There are so many different ways to move information into a computer that it is impossible to guard every one. Instead, a centralized protection program running on each machine has to guard against virus intrusions. The two most popular are Symantec Norton Antivirus and Network Associates McAfee Antivirus.

Software UpdatesThe best thing you can do is to go to the Microsoft Windows Update website http://windowsupdate.microsoft.com/ regularly.

BackupsBackups of important data should be a no-brainer. Compare the number of hours it would take you to recreate the data versus the cost of keeping a copy always on hand and it should be obvious that backups are cost effective for everyone.The easiest method to do backups nowadays is via a CD burner. For Windows, copy your entire My Documents folder to the CD, then add any other important data directories. Keep the CD in a fire-resistant box in your house or in a safe deposit box (or both).

E-Mail securityEmail carries essential messages for the everyday workings of your business. But it's also a major conduit for security threats that blend web, email, and data attack strategies. According to Websense® Security Labs research: • Nearly 90% of unwanted emails contain web links to spam or malicious

websites • Only 1 of every 4 anti-virus products catch blended web and email attack

campaigns • Cybercriminals use news, shopping, and other hot topics to disguise spam-

carrying emails so well that even savvy recipients can't resist clicking. Encrypted email that makes sure no one can read or modify your data.

What To Do If You Have Been HackedImmediately disconnect the telephone or network connection from the computer Run a complete virus scan using fully updated antivirus software Install a firewall if you do not have one Before reconnecting to the Internet, try to find out why your computer was vulnerable

What To Do If You Get A VirusImmediately disconnect the telephone or network connection from the computer Run a complete virus scan using fully updated antivirus software DO NOT delete files, even infected ones - let the antivirus software attempt to disinfect the files instead DO NOT reformat your hard drive DO NOT run your email program until you have run an antivirus scan. Today, many millions of households in the U.S. and worldwide have adopted home computer networking. Millions more have yet to build their first home network. Even those who've previously taken the plunge are now beginning to revamp their networks for wireless the current wave of useful technology for home networking.

REFERENCES•Book "Network security A Beginner's Guide by Eric Maiwald.

•Material of Dr. Eamon.

http://www.youtube.com/watch?v=LmB2slsEBTY&feature=related

http://en.wikipedia.org/wiki/Home_network

http://www.cnet.com.au/how-to-network-your-home-339296625.htm

http://www.cert.org/tech_tips/home_networks.html

http://www.microsoft.com/athome/organization/wirelesssetup.aspx

http://www.pcguidebook.com/homenetwork.asp

http://download.zonelabs.com/bin/media/pdf/homeNetwork_datasheet.pdf

http://ask-leo.com/how_should_i_set_up_my_home_network.html

http://www.cnet.com/1990-7390_1-6213817-3.html?tag=dh;dh_m