Network Security Plan Introduction Network security is the primary concern of every organization that engages in different types of communication with its network footprint to ensure that information exchange is protected against any unauthorized access and interception (Daya, 2013). Information security is the responsibility of all computer system users where every individual who is tasked with protecting the information systems resources within the organization regardless of the location, form or the supporting technologies. Therefore, to ensure that there are strong security measures against intrusions and internal misuses of access rights, an organization is expected to implement various security policies at different levels of organizational structure.
Also, ensuring that the network is secured at different levels of the OSI model is paramount for any organization that communication as well as share information between its personnel. Thus, this paper is going to devise a network security plan Sunshine Health Corporation with the aim of ensuring that the protection of information system resources is maintained.
To be able to come up with a feasible network security plan, it is imperative that all the security threats and risk to the organization are assessed and analyzed so that the plan will specifically deal with any possibilities of security breaches.
Some of the network security threats that will be considered when formulating the network security plan for Sunshine Health Corporation (SHC) are: • Embedded system vulnerabilities • Computer viruses • Denial of services • Insecure application • Data supply chain threats • Password Attacks • Hardware loss and residual data fragments Insecure access by former employees Ignore insider threats • Phishing • Trojan Horses • SPAM Therefore, with these security risks and threats in mind, a reliable network security plan that will ensure the entire communication infrastructure of Sunshine Health Corporation is easily developed.
The network security plan will outline and describe the measures that will be put in place to ensure that the security of the network is firm at all levels of the organizational structure as well as the OSI model. The network diagram of SHC network communication is as shown in Fig 1. The network diagram is a two tire network architecture which facilitates communication between the client and the server for resource allocation.
1Network Security Plan for the Organizational Structure Scope of the Plan The standards, policies and the procedures set in the network security plan apply to as the information systems as well as the resources that are controlled and monitored by Sunshine Health Corporation. It includes all the workstations that connect to the SHC network and all the Information System personnel and departments within SHC as well as any other person who utilizes and manages those systems and computers. More precise, those individuals who are involved with the management if information systems.
Standard Provisions The IT officers of SHC will be responsible for managing risks through identification, evaluation, control and mitigation of any software and network vulnerabilities that are probable threats to the organization’s data and information system. Every individual who is a system user within SHC will be accorded with login credentials (unique ID and password) to ensure that the accountability of the network usage for each user is maintained where these credentials are to be kept confidential. In an event where the integrity of the user accounts is compromised, the authentication credentials of the users are changed.
Access to network resources will only be done by authorized IT staff. Also, only designated personnel to form the Department of IT is allowed to reconfigure the network software or hardware. Before obtaining any connection to the network communication or the server to the SHC, one must seek approval from the corporation’s network administration. Also, each personnel is prohibited from attaching devices such as DNS servers, DHCP servers, Network Gateways, Network Monitoring devices and any other devices that may disrupt the corporation’s network operation.
Network Security Risk Assessment, Control, and Mitigation Network Control Software and systems that are able to monitor and record usage of internet, network and computer will be installed. This software and systems that are installed comprise of intelligent security and monitoring systems that that can record the traffic of network usage such as traffic into file servers, WWW sites, email conversations, sharing of files between computers within the same network, and chat rooms (Young 120). Other devices that are not authorized within the network are blocked as well as suspending accesses to the network that may disrupt the normal function of the network connections.
DHCP services To ensure that possible network service disruption and security breaches are prevented, prohibition of DNS or DHCP servers that are not authorized is employed. Assignment of IP addresses is done by dedicated SHC DHCP server to ensure that only authorized access utilizes the network resources.
DNS Services The computers that are assigned IP addresses by the DHCP server is allocated a supplementary DNS name be the network. Any access by a computer with a domain name that is not associated with the network of SHC is declined. All the requests for domain name assignment are only approved by the authorized SHC IT personnel.
Wireless Network Services Connection to wireless networks is limited to the individuals who have been accorded with SHC accounts. Also, to ensure that network security is upheld, individuals who do not have authenticate accounts dare provided with a guest network that is segregated from the resources and servers that are internal to the SHC network. Also, further authentication of access to a guest network is mandatory, that is, phone numbers should be provided to authenticate.
Network Access Network accesses are only allowed to those individuals who have proper statuses such as staff, director, and manager or department and are required to present authentication credentials when necessary. When an employee exits SHC, his/her account is immediately disabled to ensure that they do not have to access their previous accounts.
Destruction and disposal of information and devices Confidential and restricted information that are no longer need is disposed of in a manner that there is no possibility of recovery and retrieval by individuals with unscrupulous intentions. Memory storages of devices are completely wiped before disposal to ensure that confidential data and information does not land in the hands of the wrong people.
User Computer Devices Each and every individual who uses computer devices to access network resources is expected to ensure the integrity and the security of the sensitive information stored in their computers through maintaining physical security and secure network access. Also, users are mandated to have computer antivirus in their machines to protect the information from malware attacks.
Physical Access Access to network resource locations is restricted to only the SHC IT personnel who are mandated to carry out network operations and maintenance. Computer and network hardware are located in places with 24 hours surveillance and are properly cooled to sustain data security as well as integrity. Server environment Before installation of any servers, competent SHC IT personnel must scrutinize through thorough security evaluation and audit. This personnel is mandated to possess administrative access rights to the servers where they must provide passwords as well as follow the two-factor authentication when necessary.
Network Security in the OSI Model The OSI model if comprised of seven layers that are paramount in securing the information resources of an organization since it conceptualizes the communication functions of computer systems within the organization (Bora, et al. 216). Thus, the every layer should be protected against its respective security threat in regards to the security model of each layer. The respective security models of each layer include: Layer Application Presentation Session Transport Network Data Link Physical Security Model Authentication Access Control Non-repudiation Data Integrity Confidentiality Availability/Assurance Signature Physical Layer The IT officers should ensure that the physical access to the information resources such as the storage units, equipment rooms, server cabinets, and offices are controlled through the use of physical locks to prevent intruders from accessing them. To ensure that access to physical information resources of Sunshine Health Corporation is limited to authorized IT personnel, Card keys, and physical keys, as well as biometric authentication, will be implemented. Also, proper training will be accorded to the information users to ensure that they are able to effectively protect themselves against Social Engineering.
Datalink Layer At this layer, security mechanisms such as the use of passwords and usernames are implemented which protects the system against Libpcap attack thus ensuring that the information exchange within the organization is error free. Also, the security measures that are implemented at this layer should be able to protect the system against MAC Flooding, Spanning-Tree Attacks, and ARP Attacks.
Network Layer The security precautions at this layer are to implement Virtual Private Networking (VPN) that will enable the establishment of credentialed connections as well as the transmission of payloads that are encrypted across the internet channels that are already established. The use of VPN means that the transmission is encrypted from external attacks. Also, the network should be secured from unauthorized access where the DHCP that is used is with a very short lease length to ensure that assignment of IP addresses are specific to avoid IP conflicts within the network.
Transport Layer Private ports will be used instead of well-known ports to ensure that intruders do not get access to the TCP and UDP ports. Also, software that performs virus scans will be used to protect the system. The use of state transmission will be used to ensure that authorized transmissions are differentiated. Additionally, data integrity is verified via MAC for detection of any modification by the attacker. On the other hand, encryption will the implemented for data confidentiality which simultaneous with data integrity (Kahate, 2013).
Session Layer The use of a Certificate Authority at this layer will ensure that session services are encrypted to avoid interception of transmissions and denial of services. Implementation of cryptographic algorithms and varying ciphers will help ensure data are protected via encryption regardless of a successful interception. Presentation Layer With regards to the Sunshine Health Corporation, information that is transmitted within the network footprint should be encrypted to ensure that access to data is impossible without decryption codes.
Application Layer The network security personnel will ensure that every system user possesses a password and a unique ID that authenticates them into the system. System users are advised to change frequently their password to eliminate the possibility of an individual with malicious intentions mastering their password. Other forms of authentication such as biometric will also be implemented to provide further security.