|
|
|
|
|
Network design
|
|
|
Design Model for OZZICOM enterprise network security. Since OZZICOM is a big company, that means it has a huge number of operations and accesses by users. These operations and processes needs a secure network. Here are some suggestions that could be included in designing a model for OZZICOM enterprise network security. Network Assessment and Optimisation Leverages deep expertise and a wide range of assessment tools to analyze network operations and provide recommendations for improving performance and mitigating risk. Disaster Recovery and Business Continuance Develops a disaster recovery plan to help prevent costly disruptions to a network and to normalize operations as quickly as possible in the event of a system failure. IP Address and Design Implementation and Management Develops an IP address schema for sustained growth and efficient use of IP addresses. Provides a set of proven policies, procedures, guidelines, and tools for managing public and private address space for midsize and large enterprises. Application Network Review Helps ensure application production readiness, verifies bandwidth requirements, and identifies application bottlenecks. Directory Services Infrastructure Designs and implements a directory services infrastructure that delivers a high level of accuracy and security, and minimizes administrative tasks and costs. DNS Infrastructure Architecture and Design Designs a robust Domain Name System (DNS) architecture to support Internet and intranet name resolution. Capacity Planning and Optimisation Establishes a baseline for an existing enterprise's infrastructure and performs a gap analysis to pinpoint differences between the current infrastructure and identified requirements for projected growth. Traffic Engineering and Quality of Service Analyses and optimises network traffic based on network capacity and priorities for various types of network traffic Security Assessment — Quickly identifies immediate security concerns and network weaknesses, and then uses this information as the foundation for a comprehensive network review. Penetration Testing — Uses a multi-phased process of penetration testing and access attempts to assess the type and extent of security-related vulnerabilities that may exist in your current security system. Security Policy Design — Translates an enterprise's existing security requirements into a documented security standard to ensure that information assets are protected throughout the network. Firewall Protection — Safeguards entry to an enterprise's network with a special security system that prevents external hackers from misusing Internet connections and dial-in lines. Authentication — Leverages extensive authentication methodologies to verify that electronic messages come from their stated sources. Remote Access and Virtual Private Networks (VPNs) — Deploys and maintains the VPN to ensure that only authorized users can access the network. Uses sophisticated encryption technologies to encode data and prevent unintended recipients from capitalizing on it. Intrusion Detection — Utilizes advanced detection technology to scan for firewall "holes" and immediately detect and neutralize hacker attempts. Virus and Malicious Code Protection — Architects sophisticated protection mechanisms so that viruses and malicious code—which can be disguised as benign data such as e-mail—cannot penetrate your network. Find possible security solution for the company discuss physical security and system security which includes (assigning responsibility ,network security disaster contingency plan ).also security awareness and compliance. The OZZICOM company is a big company that is accessed by huge number of people via the internet. So securing this environment is a very important factor that concerns the company. Lets start first by discussing the physical security solutions: 1. Surveillance and detection: by replacing video surveillance cameras…etc 2. Alarm and sensors detectors 3. Security guards 4. Developed locks such as: finger print scanner or eye scanner. Regarding the system security or in another word software security, these solutions are effective: As more and more businesses shift from dial-up to always-on broadband Internet connections, such as DSL and cable, their networks are becoming more and more vulnerable to Internet hackers. Here are some secuirty solutions: a) Email monitoring: a. Spot checks just are not enough anymore. The tide information system IS is turning towards systematic monitoring of corporate Email traffic using content monitoring software that scans for troublesome words that might compromise corporate security. The reason user of monitoring software said they are concerned about protecting their intellectual property and guarding themselves against litigation. Internet and other online Email systems are one of the favourite avenues of attack by hackers for spreading computer viruses or breaking into the network computers. Email is also the battleground for attempts by companies to enforce policies against illegal, personal or damaging messages by employees and there demands of some employees and others, who see such policies as violations or privacy rights. The reasons for email monitoring are: Potential legal liability from information contained in Email Potential leaking of corporate secrets Use of email for racial or sexual harassment Complying with official regulations Personal and non business use of email Email monitoring policy: A statement that computer systems are the companies property and are to be used for business purposes only. A clear definition of what is and is not appropriate use of email A statement of employees that they cannot expect email to be private and that all email will be monitored An explanation that violations can lead to disciplinary action up to and including termination (introduction to IS) b) Virus defences: Every pc has to be protected from the latest viruses, worms, trojan horses and other malicious programs like back orifice that can wreck havoc on pcs, especially if the pc is periodically linked to the corporate network The latest computer virus prevalence survey from ICSA Labs found that computer viruses cost companies in the United States and Europe an average of $81,000 in 2002. And according to the Computer Security Institute, computer viruses generated a total cost of $49.9 million in the United States last year. The survey also determined that the monthly rate of computer virus infection in U.S. and European companies and organizations grew from 10 per 1,000 PCs in 1996 to 105 per 1,000 PCs last year. That’s way many companies are spending lot of money in building defences against the spread of these viruses Common ways that viruses spread: email attachments shared files floppy disks Infected documents and infected word processors c) Encryption Security This software package is used to scramble date or convert it prior to Transmission to a secret code that masks the meaning of the data to Unauthorized recipients. There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems. Symmetric cryptosystems have a problem: how do you transport the secret key from the sender to the recipient securely and in a tamperproof fashion? If you could send the secret key securely, then, in theory, you wouldn't need the symmetric cryptosystem in the first place -- because you would simply use that secure channel to send your message. Frequently, trusted couriers are used as a solution to this problem. Another, more efficient and reliable solution is a public key cryptosystem, such as RSA, which is used in the popular security tool d) Firewall Computer security There are currently two distinct types of firewalls in common use on the Internet today. The first type is more properly called a packet filtering router. This type of firewall utilizes a multi-homed machine and a set of rules to determine whether to forward or block individual packets. A multi-homed machine is simply a device with multiple network interfaces. The second type, known as a proxy server, relies on daemons to provide authentication and to forward packets, possibly on a multi-homed machine which has kernel packet forwarding disabled. Sometimes sites combine the two types of firewalls, so that only a certain machine (known as a bastion host) is allowed to send packets through a packet filtering router onto an internal network. Proxy services are run on the bastion host, which are generally more secure than normal authentication mechanisms. e) Password Security Password protect your computer and restrict access to it with Security Administrator. It enables you to impose a variety of access restrictions to protect your privacy and stop others from tampering with your PC. You can deny access to Control Panel applets, disable boot keys, context menus, DOS windows, Registry editing, Internet and network access. Also one of the awareness and compliance that the company may face is the copyright issue.
|
|
|
|
Still Can't Find What Your Looking For? Then Try a Essay Search!
|
