Abstract image of a woman sitting on books and studying on a laptop

P3 m2

Download as PPTX, PDF
M
Matthew Horrigan

The document discusses various policies, procedures, and security measures that can be implemented to minimize security breaches in a network. It recommends establishing policies regarding data storage and access, backups, antivirus software, and user access privileges. It also stresses the importance of user training, physical security of network infrastructure, risk assessments, strong identification/authentication methods like two-factor authentication, and use of encryption and digital certificates. Authentication for internal users could include ID/password, physical access cards, and authentication devices, while external users benefit from digital certificates and unique ID/password combinations.

1 of 14
Downloaded 37 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
M A T T H E W H O R R I G A N HOW TO MINIMISE SECURITY BREACHES IN A NETWORK
POLICIES AND PROCEDURES Within an organisation, there must be policies set which govern what can be done by who, without these there would be several problems: Unsecure network, unsecure data, anyone can access anywhere. A data policy can be used to govern what kinds of data should be stored on the network as well as what happens to that data; Encryption, destruction or distribution. A Backup & Restore policy and procedure should be set in place so that the correct steps are taken when doing a backup (and when It should be done). There should also be a security policy on the network, this would govern how/what antivirus and antimalware software is run. A UAL (User Access List) can be put in place to control what a user can access this could include: Website Access, Network Access(networked drives), Software Installation and/or external media privileges. A leaving policy and procedure can help protect the network for when someone has left the company , their accounts and access methods should be disabled.
USER RESPONSIBILITY After a user has signed the policy sheet, what they do on the network is up to them and whether they will coincide with the agreement they have signed or not. This would include things like how they use their email account (for example, sending out confidential data to a personal email), how they keep their data (On a USB data stick is not as secure as on an encrypted network) or whether they are going to try and access any unauthorised materials (websites, downloads) through avoidance techniques like a proxy.
TRAINING Training all staff members is a basic thing that any company should do, this training will teach them the basics on how to keep their data safe and how to keep the network safe whilst using it. However, there is also the matter of keeping them trained, employees should be regularly trained to ensure that they have knowledge on the latest techniques that are used inside the network so that they can use them to their full advantage. This is often called “Continuous Professional Development”.
PHYSICAL SECURITY Physical Security involves protecting the physical access points of the network: Data storage rooms and network rooms (or any room that should not be access by everyone) should have a secure locking mechanism (ID scan or lock and key). The network should have limits on how many resources can be shared among the computers, to prevent one or two from eating up the entire network’s resources and crashing it. Secure entrance/exits, with a locking mechanism to access them as well as a security guard. This will prevent unauthorised access to grounds. CCTV cameras can help to prevent unlawful action, or to find the culprit if something has happened.
RISK ASSESSMENT & PENETRATION TESTING Risk assessment involves a thorough look at how the network can be damaged, this process is used to create new policies and procedures for the future protection of the network. Penetration testing should be used to help detect any faults or vulnerabilities in the physical access points of the network. Before this is run there should be policies set that determine what kind of backups and restore points should be generated, to prevent any accidental data loss. (or that the penetration testing should be run on a proxy network).
M2
IDENTIFICATION, AUTHENTICATION & AUTHORISATION When using any service, a user will be required to identify themselves, this is when they give something to the server that the server will then need to authenticate (to check whether it is real or fake, or ask for further details like unique numbers related to the person or a physical form of identification) and then the user will be authorised, if the details they entered are authentic and they are allowed to use the service.
TWO FACTOR AUTHENTICATION The two factor standard of authentication is when the user will need to provide two different types of authentication. This is much more secure than a single piece of authentication as it can be very hard to either forge two pieces or to find out what the second piece is. This type of authentication is used in many places, one of the most used places would be in ATM machines where a physical card is required as well a personal identification number.
USERNAME AND PASSWORD AUTHENTICATION The use of a username and password authentication method is that the username is unique and will only relate to one user. The password is not unique (as that may indicate to someone that the password is being used by someone else) but it should have minimum requirements for complexity. This access and authentication method is widely used across the internet, with accessing secure data areas or just accessing an online forum.
BIOMETRICS Biometrics is another authentication method. It is a very secure method of authenticating as it requires physical body parts of a human being (Which can be very hard to copy). Biometrics will use unique parts of the human body like feet, hands, finger prints, iris, ears and facial structure. Some biometric scanners are not as good as their expensive counterparts and as such, they will have a much higher FAR (False Acceptance Rate, where people are allowed access yet they are not on the database.) and FRR (False Rejection Rate, where people who have access are not allowed access.).
CRYPTOGRAPHY & DIGITAL CERTIFICATES Digital Certificates are where web pages are assigned a certificate that will tell the user that the webpage is secure and should be trusted. These certificates will contain information about what type of encryption (cryptography, the data is changed so that it cannot be read with being decrypted). These certificates are assigned by third party companies, which are also listed on a database so that the computer will be able to tell if the certificate was assigned by a verified company. The benefit of this is that it is easy for a user to determine whether the website they are visiting is the correct one (for example, when logging into an online banking webpage you may in fact be on a phishing website). A disadvantage of cryptography is that it can take a long time to encrypt and decrypt the data, or if the encryption is inadequate then a hacker can easily find out what the data was originally.
SCENARIO Suitable authentication methods for Internal Users: • Employees • Physical card to scan on entrance and exit of building. (security of on- site access, as well as in case there is an emergency a list of those who are on-site can be gained) • Login ID and password to access any system (user rank determines what they can access). (Limits who can access where and can prevent unauthorised access) • Physical card to scan to enter high security areas. (Prevent access to data storage or network rooms). • Network Manager • The same as Employees. • Number authenticator for administrative access (Generate random number based on PIN). (A unique number will help to prevent someone from being able to access the administrator account without having the physical device as well as the PIN number)
SCENARIO EXT. Suitable authentication methods for external users: • Digital Certificates for authenticity. This helps to tell the user that the website is secure and the correct one to be one for what they want. • User ID and password for user unique sections. This can prevent someone from obtaining personal information easily.

More Related Content

DOCX
Security Plan for Small Networks/Offices
Ajay Jassi
 
PPTX
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
PPTX
code of conduct
David Waddell
 
PPTX
System security
sommerville-videos
 
PDF
Security Policy Checklist
backdoor
 
PPTX
Computer security
OZ Assignment help
 
PDF
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET Journal
 
PDF
Security Awareness Training
Daniel P Wallace
 
Security Plan for Small Networks/Offices
Ajay Jassi
 
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
code of conduct
David Waddell
 
System security
sommerville-videos
 
Security Policy Checklist
backdoor
 
Computer security
OZ Assignment help
 
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET Journal
 
Security Awareness Training
Daniel P Wallace
 

What's hot (20)

PPTX
System Security-Chapter 1
Vamsee Krishna Kiran
 
PPTX
Security and control in Management Information System
Satya P. Joshi
 
PPT
Security & control in management information system
Online
 
PPTX
Disaster Proof
DigeratiGroup
 
PDF
Information system and security control
Cheng Olayvar
 
PPTX
Computer security concepts
Prachi Gulihar
 
PPTX
Computer security basics
Srinu Potnuru
 
PPTX
Ancaman & kelemahan server
Dedi Dwianto
 
PPTX
06. security concept
Muhammad Ahad
 
PDF
Disaster Proofing Your Computer Systems
andrewcahill
 
PDF
NSA and PT
Rahmat Suhatman
 
PPTX
Ics & computer security for nuclear facilities
omriyad
 
PPTX
Introduction to Network Security
John Ely Masculino
 
PPT
Security
Dr. Vardhan choubey
 
PPTX
Managing i.t security
OriginalGSM
 
PPTX
Cyber Security # Lec 3
Kabul Education University
 
PDF
Cisco cybersecurity essentials chapter - 6
Mukesh Chinta
 
PPT
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
 
PPT
Basic Security Chapter 1
AfiqEfendy Zaen
 
PPT
The Importance of Security within the Computer Environment
Adetula Bunmi
 
System Security-Chapter 1
Vamsee Krishna Kiran
 
Security and control in Management Information System
Satya P. Joshi
 
Security & control in management information system
Online
 
Disaster Proof
DigeratiGroup
 
Information system and security control
Cheng Olayvar
 
Computer security concepts
Prachi Gulihar
 
Computer security basics
Srinu Potnuru
 
Ancaman & kelemahan server
Dedi Dwianto
 
06. security concept
Muhammad Ahad
 
Disaster Proofing Your Computer Systems
andrewcahill
 
NSA and PT
Rahmat Suhatman
 
Ics & computer security for nuclear facilities
omriyad
 
Introduction to Network Security
John Ely Masculino
 
Security
Dr. Vardhan choubey
 
Managing i.t security
OriginalGSM
 
Cyber Security # Lec 3
Kabul Education University
 
Cisco cybersecurity essentials chapter - 6
Mukesh Chinta
 
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
 
Basic Security Chapter 1
AfiqEfendy Zaen
 
The Importance of Security within the Computer Environment
Adetula Bunmi
 
Ad

Viewers also liked (9)

DOCX
Unit 32 assignment 2
mikey132
 
PPT
Unit 8 assignment 1
KingHarribo
 
PPTX
Unit8 e-commerce
adamlawson
 
PPTX
ICT BTEC UNIT 2 P4 and M2
OriginalGSM
 
PDF
Accessing the WAN: Ch4 - Network Security
Abdelkhalik Mosa
 
PPSX
Packet Tracer Tutorial # 2
Abdul Basit
 
PPTX
Network security
Madhumithah Ilango
 
PPSX
Packet Tracer Tutorial # 1
Abdul Basit
 
PPT
Network Security Threats and Solutions
Colin058
 
Unit 32 assignment 2
mikey132
 
Unit 8 assignment 1
KingHarribo
 
Unit8 e-commerce
adamlawson
 
ICT BTEC UNIT 2 P4 and M2
OriginalGSM
 
Accessing the WAN: Ch4 - Network Security
Abdelkhalik Mosa
 
Packet Tracer Tutorial # 2
Abdul Basit
 
Network security
Madhumithah Ilango
 
Packet Tracer Tutorial # 1
Abdul Basit
 
Network Security Threats and Solutions
Colin058
 
Ad

Similar to P3 m2 (20)

PPTX
P3
Matthew Horrigan
 
PDF
Remote Access Policy Is A Normal Thing
Karen Oliver
 
PPTX
zerotrustmodelpresentation-200107094517.pptx
niyazhasanov35
 
DOCX
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
toltonkendal
 
PDF
Information Technology Security Is Vital For The Success...
Brianna Johnson
 
PDF
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
PDF
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
PDF
zero trust - how to build zero trust.pdf
AliAlwesabi
 
PDF
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
International Journal of Technical Research & Application
 
PDF
MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PREMISES
IRJET Journal
 
PPTX
Data security
AbdulBasit938
 
PDF
Module 3-cyber security
Sweta Kumari Barnwal
 
PPTX
Ethical Hacking .pptx
johnnymaaza
 
PDF
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
PDF
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
PDF
10.1.1.436.3364.pdf
mistryritesh
 
PDF
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IRJET Journal
 
PPT
Network security
Ali Kamil
 
PDF
Elementary-Information-Security-Practices
Octogence
 
PDF
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
P3
Matthew Horrigan
 
Remote Access Policy Is A Normal Thing
Karen Oliver
 
zerotrustmodelpresentation-200107094517.pptx
niyazhasanov35
 
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
toltonkendal
 
Information Technology Security Is Vital For The Success...
Brianna Johnson
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
zero trust - how to build zero trust.pdf
AliAlwesabi
 
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
International Journal of Technical Research & Application
 
MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PREMISES
IRJET Journal
 
Data security
AbdulBasit938
 
Module 3-cyber security
Sweta Kumari Barnwal
 
Ethical Hacking .pptx
johnnymaaza
 
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
10.1.1.436.3364.pdf
mistryritesh
 
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IRJET Journal
 
Network security
Ali Kamil
 
Elementary-Information-Security-Practices
Octogence
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 

P3 m2

  • 1. M A T T H E W H O R R I G A N HOW TO MINIMISE SECURITY BREACHES IN A NETWORK
  • 2. POLICIES AND PROCEDURES Within an organisation, there must be policies set which govern what can be done by who, without these there would be several problems: Unsecure network, unsecure data, anyone can access anywhere. A data policy can be used to govern what kinds of data should be stored on the network as well as what happens to that data; Encryption, destruction or distribution. A Backup & Restore policy and procedure should be set in place so that the correct steps are taken when doing a backup (and when It should be done). There should also be a security policy on the network, this would govern how/what antivirus and antimalware software is run. A UAL (User Access List) can be put in place to control what a user can access this could include: Website Access, Network Access(networked drives), Software Installation and/or external media privileges. A leaving policy and procedure can help protect the network for when someone has left the company , their accounts and access methods should be disabled.
  • 3. USER RESPONSIBILITY After a user has signed the policy sheet, what they do on the network is up to them and whether they will coincide with the agreement they have signed or not. This would include things like how they use their email account (for example, sending out confidential data to a personal email), how they keep their data (On a USB data stick is not as secure as on an encrypted network) or whether they are going to try and access any unauthorised materials (websites, downloads) through avoidance techniques like a proxy.
  • 4. TRAINING Training all staff members is a basic thing that any company should do, this training will teach them the basics on how to keep their data safe and how to keep the network safe whilst using it. However, there is also the matter of keeping them trained, employees should be regularly trained to ensure that they have knowledge on the latest techniques that are used inside the network so that they can use them to their full advantage. This is often called “Continuous Professional Development”.
  • 5. PHYSICAL SECURITY Physical Security involves protecting the physical access points of the network: Data storage rooms and network rooms (or any room that should not be access by everyone) should have a secure locking mechanism (ID scan or lock and key). The network should have limits on how many resources can be shared among the computers, to prevent one or two from eating up the entire network’s resources and crashing it. Secure entrance/exits, with a locking mechanism to access them as well as a security guard. This will prevent unauthorised access to grounds. CCTV cameras can help to prevent unlawful action, or to find the culprit if something has happened.
  • 6. RISK ASSESSMENT & PENETRATION TESTING Risk assessment involves a thorough look at how the network can be damaged, this process is used to create new policies and procedures for the future protection of the network. Penetration testing should be used to help detect any faults or vulnerabilities in the physical access points of the network. Before this is run there should be policies set that determine what kind of backups and restore points should be generated, to prevent any accidental data loss. (or that the penetration testing should be run on a proxy network).
  • 7. M2
  • 8. IDENTIFICATION, AUTHENTICATION & AUTHORISATION When using any service, a user will be required to identify themselves, this is when they give something to the server that the server will then need to authenticate (to check whether it is real or fake, or ask for further details like unique numbers related to the person or a physical form of identification) and then the user will be authorised, if the details they entered are authentic and they are allowed to use the service.
  • 9. TWO FACTOR AUTHENTICATION The two factor standard of authentication is when the user will need to provide two different types of authentication. This is much more secure than a single piece of authentication as it can be very hard to either forge two pieces or to find out what the second piece is. This type of authentication is used in many places, one of the most used places would be in ATM machines where a physical card is required as well a personal identification number.
  • 10. USERNAME AND PASSWORD AUTHENTICATION The use of a username and password authentication method is that the username is unique and will only relate to one user. The password is not unique (as that may indicate to someone that the password is being used by someone else) but it should have minimum requirements for complexity. This access and authentication method is widely used across the internet, with accessing secure data areas or just accessing an online forum.
  • 11. BIOMETRICS Biometrics is another authentication method. It is a very secure method of authenticating as it requires physical body parts of a human being (Which can be very hard to copy). Biometrics will use unique parts of the human body like feet, hands, finger prints, iris, ears and facial structure. Some biometric scanners are not as good as their expensive counterparts and as such, they will have a much higher FAR (False Acceptance Rate, where people are allowed access yet they are not on the database.) and FRR (False Rejection Rate, where people who have access are not allowed access.).
  • 12. CRYPTOGRAPHY & DIGITAL CERTIFICATES Digital Certificates are where web pages are assigned a certificate that will tell the user that the webpage is secure and should be trusted. These certificates will contain information about what type of encryption (cryptography, the data is changed so that it cannot be read with being decrypted). These certificates are assigned by third party companies, which are also listed on a database so that the computer will be able to tell if the certificate was assigned by a verified company. The benefit of this is that it is easy for a user to determine whether the website they are visiting is the correct one (for example, when logging into an online banking webpage you may in fact be on a phishing website). A disadvantage of cryptography is that it can take a long time to encrypt and decrypt the data, or if the encryption is inadequate then a hacker can easily find out what the data was originally.
  • 13. SCENARIO Suitable authentication methods for Internal Users: • Employees • Physical card to scan on entrance and exit of building. (security of on- site access, as well as in case there is an emergency a list of those who are on-site can be gained) • Login ID and password to access any system (user rank determines what they can access). (Limits who can access where and can prevent unauthorised access) • Physical card to scan to enter high security areas. (Prevent access to data storage or network rooms). • Network Manager • The same as Employees. • Number authenticator for administrative access (Generate random number based on PIN). (A unique number will help to prevent someone from being able to access the administrator account without having the physical device as well as the PIN number)
  • 14. SCENARIO EXT. Suitable authentication methods for external users: • Digital Certificates for authenticity. This helps to tell the user that the website is secure and the correct one to be one for what they want. • User ID and password for user unique sections. This can prevent someone from obtaining personal information easily.