Unit 3 Assignment 1 Remote Access Control Policy

In: Computers and Technology

Submitted By Rg831437
Words 261
Pages 2
Identification- Richman needs to assign a unique identifier or password to the individual users; this will assist and have accurate record of the users on the network. With a unique identifier lots of data can be recorded and kept just incase something happens with the network Richman can know exactly when, where, and more details of how this incident transpired.
Authorization- Richmann’s investments have to clarify and make known the rules as to who and what computers can gain access to the network resources. I would be best to create a group membership to help avoid accidents within the network. The administrator can assign different users to different group within the network ensuring that everything is place as he/she wants it. The users’ access would be based upon what group they are in that was put in place by the administrator of the network.
Authentication- When a user try’s to get into the network system there must be proof in order to enter the network. Some people may think there is a lot of security to enter and access parts of the network but it is better to be safe as possible as a hacker taking or corrupting all the information causing a major or a possible critical problem.
Accountability- Users will be held accountable and responsible for anything they do within the network system. I suggest using logs files that information is kept and users have to log in on a daily bases. Using a log book can help prevent, detect, or monitor access to the network…...

Similar Documents

Richman Investment Remote Access Control Policy

...Richman Investment Richman Investment Remote Access Control Policy Document Remote Access Control Policy Document 01/14/14 01/14/14 Contents 1 Policy Statement 4 2 Purpose 4 3 Scope 4 4 Definition 4 5 Risks 4 6 Applying the Policy - Passwords 5 6.1 Choosing Passwords 5 6.1.1 Weak and strong passwords 5 6.2 Protecting Passwords 5 6.3 Changing Passwords 5 6.4 System Administration Standards 6 7 Applying the Policy – Employee Access 6 7.1 User Access Management 6 7.2 User Registration 6 7.3 User Responsibilities 6 7.4 Network Access Control 7 7.5 User Authentication for External Connections 7 7.6 Supplier’s Remote Access to the Council Network 7 7.7 Operating System Access Control 7 7.8 Application and Information Access 8 8 Policy Compliance 8 9 Policy Governance 8 10 Review and Revision 9 11 References 9 12 Key Messages 9 13 Appendix 1 10 Policy Statement Richman Investments will establish specific requirements for protecting information and information systems against unauthorised access. Richman Investments will effectively communicate the need for information and information system access control. Purpose Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of Richman Investments which must be managed with care. All information has a value to the Council. However, not all of this information has an......

Words: 2211 - Pages: 9

Unit 3. Access Controls

...NT2580 Unit 3 Access Controls 01/22/2014 1. For the construction company scenario the data would probably consist of customer contact information, accounting, and inventory. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. 2. For the advertising company scenario the data would probably consist of customer contact information, accounting, and inventory. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. 3. For NetSecIT, I would implement all access controls on this organization because of the size of the company and the remote access. For administrative controls I would administer a password policy. For the logical/technical controls I would have passwords checked and enforced. For the software controls I would make sure that updates are checked regularly. For the hardware controls I would utilize MAC filtering and smart card use. For the physical I would utilize security guards and ID badges. 4. For Backordered Parts, I would implement all access controls for this organization because it is a defense contractor that builds communications parts for the military. For administrative controls I would administer......

Words: 362 - Pages: 2

Remote Access Control Policy Definition

...Remote Access Control Policy Definition Introduction to Information Security Remote access is the ability to log onto a network from a distant location. Generally, this implies a computer, a modem, and some remote access software to connect to the network. Whereas remote control refers to taking control of another computer, remote access means that the remote computer actually becomes a full-fledged host on the network. The remote access software dials in directly to the network server. The only difference between a remote host and workstations connected directly to the network is slower data transfer speeds. The purpose of a remote access policy is to define the standard connection to the company’s network from any remote host, untrusted host and remote network, including untrusted hosts on the company’s intranet. These standards are designed to minimize the potential exposure to the company’s from damages, which may result from unauthorized use of the company’s resources. At the main location, a set switches and routers are interconnected to from a Wide Area Network. The switches can be connected in different topologies. All remote users must follow the security requirements set forth in the standard for the company’s remote host accessing Information Technology Resources prior to such access, as well as any guidelines, procedures or other requirements issued by the Information Technology Department. Within the virtual private network multiple Virtual Private Network......

Words: 660 - Pages: 3

Remote Access Control Policy for Richman Investments

...Remote Access Control Policy for Richman Investments 1.0 Overview This remote access policy defines standards for connecting to the organizational network and security standards for computers that are allowed to connect to the organizational network. This remote access policy specifies how remote users can connect to the main organizational network and the requirements for each of their systems before they are allowed to connect. This will specify: 1. The anti-virus program remote users must use and how often it must be updated. 2. What personal firewalls they are required to run. 3. Other protection against spyware or other malware. The remote access policy defines the methods users can use to connect remotely such as dial up or VPN. It will specify how the dial up will work such as whether the system will call the remote user back, and the authentication method. If using VPN, the VPN protocols used will be defined. Methods to deal with attacks should be considered in the design of the VPN system. 2.0 Purpose The purpose of this policy is to define standards for connecting to department’s network from any host. These standards are designed to minimize the potential exposure to department from damages that may result from unauthorized use of department resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc. 3.0 Scope This policy applies......

Words: 1336 - Pages: 6

Remote Access Control Policy Definition

...The following are types of Remote Access Control Policy I would like to put into place to make sure our company’s data is secure. We need to get the right security measures so the correct people can have access to the data they need to do their job. I would start by setting up a Remote Authentication Dial-In User Service (RADIUS), a VPN, Firewall, Local Biometrics, RSA – F.O.B. by using a security key carried by the employee or set it up on the local server. I would start in the Main office that is located in Phoenix, AZ by install a RADUIS, this is a client/server protocol that runs in the application layer and will connect all the employee and visitor to the server. In the main office, we need to set up a database with all username and passwords for the employees’. At all the satellite facilities, we need to set up the proper VPN, Firewall protection as well as setting up some type of biometric logon system or a random number generator where a user will be given a security key and they will need to input that when they log on to the system. We need to set up the password system to reset every 3 months and set up a password remembrance. For the mobile devices that the sales department will need, I would suggest to encrypt the local hard drives if stolen and set up biometric thumb scanner as well as a security key require to log on to their systems....

Words: 261 - Pages: 2

Unit 3 Discussion 1: Access Control Models

...Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Discretionary Access Controls should be used in this scenario because the company is small and not in need of high security environment. This solution is the simplest to maintain and monitor for a small business. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smart phones. Mandatory Access Controls should be used in this scenario because the employees primarily communicate using smart phones, which opens up a security risk. Mandatory Access Controls are a step up stronger than Discretionary Access Controls, but are still relatively simple to monitor for a small business. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smart phones and e-mail. Many employees work from home and travel extensively. Role Based Access Control should be used in this scenario because this is a large company with employees who travel and work from home. The roles should be controlled by a Security Administrator who could provide different levels of security to individual users. There would be some overhead in startup to get up and running but once in place this should be easy to manage. 4. Backordered Parts is a defense contractor that builds communication parts for the military. All......

Words: 407 - Pages: 2

Remote Access Control Policy

...Remote Access Control Policy Definition What is remote access? Remote access is the ability to log onto a network from a distant location. What that means that a computer, a modem, and some kind of remote access software is required to connect to the network. But remote control refers to actually taking control of another computer, whereas remote access means that the remote computer has the ability to become a hot on the network. When you use remote access software it will directly dial into the network server. There is a difference between a remote host and workstations that are connected directly to the network is the slower data transfer speeds. What the purpose behind a remote access policy is to define the standard hosts on the company’s intranet from the remote host, non-trusted hosts (on the company’s intranet too), and remote network. These standards are setup to minimize any potential exposure to the company’s network and data from any damages, which are a result of unauthorized access by attackers through the network, virus, software, and more. When it comes to the main location of the company, it will have a Wide Area Network (WAN), along with the WAN there will be a set of switches and routers connected to and from the WAN. This allows for the switches to be connected to different topologies. A Virtual Private Network (VPN) will be created using Internet Protocol (IP) by the company’s IT department. Within the VPN there will be other VPN routers will......

Words: 889 - Pages: 4

Unit 3 Assignment 1

...October 1, 2014 NT2580 Unit 3 Assignment 1 There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentications. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be proof that the person is who they say they are every time they attempt to......

Words: 364 - Pages: 2

Remote Access Control Policy

...Remote Access Control Policy The Remote Access Control Policy for Richman Investments is designed to protect the confidentiality and integrity of our corporate and customer information. All remote sessions, including internal wireless access will utilize PKI certificates from a public trusted third party vendor using encrypted tunnels on the Internet. Site-to-Site data exchanges will be conducted using IPSec encrypted Tunnels. Customer Remote Access These Connections must allow the customer to securely exchange information with our Web Server applications. The Web Servers will be place on the Corporate DMZ and the Database Servers on the interior corporate LAN. Web to Database traffic will be encrypted. The Web Servers will have PKI certificates from a trusted third party vendor to eliminate spoofing. Data will be encrypted using SSL connections initiated on the customer’s Browser to maintain confidentiality. The customer will need to supply a username and password which the Web browser will pass to a RADIUS Server for Authentication, and Access permissions prior to granting access to protected areas of the Website. Employee Access All Employee Connections, internal and external, to the Internal LAN at all sites will utilize Two Party Authentication to minimize the risks of utilizing passwords as the primary access method. Employees will have a employees will have a onetime pass key generating token (Ex. RSA) and PIN in addition to their Username and Password to......

Words: 510 - Pages: 3

Unit 3 Access Control

...Scenario 1: (DAC) Discretionary Access Control. Being that the business is small and not in need of higher security measures, it would be the easiest to maintain and monitor for a small business. Scenario 2: (MAC) Mandatory Access Control. The employees primarily communicate using smartphones; which proves as a possible security risk. MAC is stronger than DAC but, still easily monitored for a small business; which makes this the top choice for Top Ads. Scenario 3: (RBAC) Role Based Access Control. With the company being as large as it is and the employees traveling and/or working from home, the roles set by a Security Administrator would be the most secure and efficient way of providing different levels of clearance to individual users. It would take time to start from nothing but, once the security measures are in place it would be easy to monitor and to manage. Scenario 4: Content-Dependent Access Control. Since everything that the company does depends on the individual material being manufactured the above Access Control type should be apparent. Giving permissions by what is contained in each individual file is more costly but, a lot more secure. It also allows the company to monitor the data sent less as each document is given its own set of roles. Scenario 5: (RBAC) Role Based Access Control. With RBAC in place the security measures would be assigned to each user and monitored by the security administrator(s). Using this Access control method would allow for......

Words: 288 - Pages: 2

Unit 3 Discussion 1: Access Control Models

...Unit 3 Discussion 1: Access Control Models Scenario 1: (DAC) Discretionary Access Control. Being that the business is small and not in need of higher security measures, it would be the easiest to maintain and monitor for a small business. Scenario 2: (MAC) Mandatory Access Control. The employees primarily communicate using smartphones; which proves as a possible security risk. MAC is stronger than DAC but, still easily monitored for a small business; which makes this the top choice for Top Ads. Scenario 3: (RBAC) Role Based Access Control. With the company being as large as it is and the employees traveling and/or working from home, the roles set by a Security Administrator would be the most secure and efficient way of providing different levels of clearance to individual users. It would take time to start from nothing but, once the security measures are in place it would be easy to monitor and to manage. Scenario 4: Content-Dependent Access Control. Since everything that the company does depends on the individual material being manufactured the above Access Control type should be apparent. Giving permissions by what is contained in each individual file is more costly but, a lot more secure. It also allows the company to monitor the data sent less as each document is given its own set of roles. Scenario 5: (RBAC) Role Based Access Control. With RBAC in place the security measures would be assigned to each user and monitored by the security administrator(s). Using this......

Words: 295 - Pages: 2

Remote Access Control Policy Definition

...Remote access security policy involves the policies and conditions that are in place that allow users to connect to servers when out of the network. In the case of Richman industries, they are interested in maintaining connections with their users, and sharing app data that is on a server for their day to day operations. In their case, I would have access policy that is based on Explicit Allow policies. This means that the policy grants “Permission” to access the servers remotely if the connection attempt matches the policy conditions. Some of the requirements would include strict control enforced via one-time password authentication or public keys with strong pass-phrases. Also, anyone trying to gain access must not be connected to any other network at the same time, aside from personal home networks under the user's complete control. Further, employees with access must not use email accounts other than the company's standards, so that personal use won't be confused with business. Users must have approved virus control and spyware protection in place on all devices accessing the company network. Remote access will be limited in certain areas, while at least Applications will be approved for access (Shared application data is an important part of Richman’s network). Systems and system settings will not be accessible from remote, out of network connections, to protect from outside alterations of systems or system settings, and any Data access will be read only, with......

Words: 300 - Pages: 2

Unit 3 Discussion 1: Access Control Models

...Unit 3 Assignment 1: Remote Access Control Policy Definition Learning Objectives and Outcomes * You will learn how to design a remote access control policy definition for an IT infrastructure. Assignment Requirements Richman Investments is an investment and consulting firm. The company wants to expand its business operations both in the U.S. and in foreign countries. It intends to eventually have 10,000 employees in 20 countries. The Richman corporate headquarters is located in Phoenix, Arizona. Currently, there are eight branch offices in: * Atlanta, Georgia * Chicago, Illinois * Cincinnati, Ohio * Denver, Colorado * Los Angeles, California * Montreal, Canada * New York City, New York * Washington, D.C. The North American offices have a total of 5,000 employees who use desktops, mobile computers, and wireless devices. The Phoenix office has an Internet connection to all remote offices because redundancy is extremely important to the company. There are several sensitive applications that all offices use. The management from each office share application information that is hosted at the corporate office. Design a remote access control policy for Richman using the appropriate access controls for systems, applications, and data access. Include the design and justification for using the selected access controls for systems, applications, and data access. Required Resources * None Submission Requirements ...

Words: 277 - Pages: 2

Remote Access Control Policy Paper

...Tuesday Night Class Remote Access Control Policy To begin designing a remote access control policy for The Richman Company, several configurations must take place. First, I would begin with the Explicit allow The remote access policy is set to "Grant remote access permission" and the connection attempt matches the policy conditions. Secondly, I would enforce The Explicit deny policy. The remote access policy is set to "Deny remote access permission" and the connection attempt matches the policy conditions. Lastly I would implement The Implicit deny policy; in case The connection attempt does not match any remote access policy conditions. After implementation of several security policies, I would create a SSL VPN network. This is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It's used to give remote users with access to Web applications, client/server applications and internal network connections. Every Richman Employee must meet the Policy Conditions to the properties of the connection attempt made by the remote access client. There can be one or more Remote Access conditions applied to a single Remote Access Policy. More Importantly, Every employee must also meet Remote Access Permissions. If all the conditions for a Remote Access Policy are met, then Remote Access Permission is......

Words: 392 - Pages: 2

Richman Investments Remote Access Control Policy

...Russell Nelson RNelson-IT255-Project-Part 1 5/26/2012 Multi Layered Security Plan Richman Investments 1) General       This plan will give an overview of the security strategies that will be implemented at each level of the IT infrastructure for Richman Investments. 2) User Domain   a. Use security awareness training to instruct employees of Richman Investments security policies.   b. Audit user activity. 3) Workstation Domain   a. The usage of antivirus and anti malware programs on each user computer.   b. Implement strict access privileges to corporate data.   c. Deactivation of media ports. 4) LAN Domain   a. Utilizing network switches.   b. Utilize encryption to wireless access points.   c. Secure server rooms from unauthorized access.   5) LAN to WAN Domain   a. Closing off unused ports via a firewall to reduce the chance of unwanted network access.   b. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent. c. Run all networking hardware with up to date security patches, and operating systems. 6) WAN Domain   a. Enforce encryption, and VPN tunneling for remote connections.   b. Configure routers, and network firewalls to block Ping requests to reduce chance of Denial of Service attacks.   c. Enforce anti virus scanning of email attachments.   d. Isolate malicious software (virus, Trojans, etc.) when found.   e. Deployment of......

Words: 280 - Pages: 2