Scribd Logo
Upload

Welcome to Scribd!

  • My Submission

    Uploaded by

    Abdelkebir Labyad
    3K views2 pages

    Original Title

    My_Submission.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Read this document in other languages

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3K views2 pages

    My Submission

    Uploaded by

    Abdelkebir Labyad

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Security Infrastructure Design Document

    1. An external website permitting users to browse and purchase widgets


     Keeping up with CIA standards, which is confidentiality, integrity and availability of data
    to customers specialty against an attack like the DDOS attack.
     Implementing the AAA authentication, authorization and accounting.
     Complex and long passwords with numbers, special characters, Upper and lowercase
    characters.
     Install server certificates using to verify and authenticate clients by Certificate authority.
     Having defined and well-established privacy policies is an important part of good
    privacy practices. Set in place guidelines on customer data handling.
     Periodic Audit is a good practice

    2. An internal intranet website for employees to use


     The system should be checking for, distributing and verifying software updates for
    software deployment.
     Kerberos is a network authentication protocol that uses tickets to allow (clients) to
    prove their identity over potentially insecure channels to provide mutual
    authentication. It also uses symmetric encryption to protect protocol messages from
    eavesdropping and replay attacks.
     Intrusion Detection and Prevention Systems or IDS/IPS systems operate, by
    monitoring network traffic and analyzing it. The difference between an IDS and an
    IPS system, is that IDS is only a detection system. It won't act to block or prevent
    an attack, when one is detected, it will only log an alert. But an IPS system can adjust
    firewall rules on the fly, to block or drop the malicious traffic when it's detected.

     Log analysis system, to monitor traffic coming in and going out of the network.

     RADIUS server implementation to manage access to internal networks, WiFi
    networks, email services and VPN services.
     A good password policy system would enforce length requirements, character
    complexity, and check for the presence of dictionary words, which would
    undermine the strength of passwords.
     Solutions like Microsoft's SCCM or Puppet Labs which allow administrators to get
    an overview of what software is installed across their fleet of many systems.
     Patching software bugs that can lead to verbalities and perform software updates in
    a timely manner.
     define policies concerning file sharing, files extensions and their classification.
     Employees education is also a determinant security factor to take inconsideration,
    in remediating phishing, social engineering and other attacks.
    3. Secure remote access for engineering employees
     VPNs are recommended to provide secure access to internal resources for mobile
    or roaming users. provide secure remote access, and link two networks securely
    using VPN tunnel.
     Or implementing a reverse proxy can be configured to allow secure remote access to
    web-based services without requiring a VPN.
     Layer 2 Tunneling Protocol is typically used to support VPNs. A common
    implementation of L2TP is in conjunction with IPsec when data confidentially is
    needed, since L2TP doesn't provide encryption itself.

    4. Reasonable, basic firewall rules


     We want to configure both host and network-based firewall to implicit deny
    rule. Meaning that everything should be blocked. Then, we'd selectively enable
    specific services, IP`s and ports that will be used.
     Active directory can be used to block users from being able to change host-based
    firewall rules or disabling it.
    5. Wireless coverage in the office
     The best practice to secure a wireless coverage is to implement The WPA2 with
    AES/CCMP mode encryption.
     Complex and long passwords with numbers, special characters, Upper and
    lowercase characters.
     Disabling WPS feature because the treat it can pose to a network
     Changing the SSID to something uncommon and unique, would also make rainbow
    tables attack less likely.
     Wireless hardening is also important, disabling unused port would help keeping the
    network secure.
    6. Reasonably secure configurations for laptops
     Anti-malware software
     Anti-virus to protect against the most common viruses know today
     Full Disk encryption provide protection again physical attacks against the system.
     Binary-white listing software

    You might also like