GRIN - Security Policy for e-Fence Corporation's Network

Register or log in at GRIN

Your e-mail-address or password is wrong

Lost password

Your e-mail-address or password is wrong

Security Policy for e-Fence Corporation's Network

Please wait

Please install the Adobe Flash Player if no e-book is displayed.

Title: Security Policy for e-Fence Corporation's Network ()

Security Policy for e-Fence Corporation's Network

Scholary Paper (Seminar), 2001, 19 Pages
Author: Andreas Thiel
Subject: Computer Science - Commercial Information Technology

Details

Event: Intranet and Internet Management
Institution/College: UNITEC New Zealand (School of Information Systems and Computing)
Tags: Internet, Intranet, Security, Sicherheit, Netzwerk, Virus, Firewall, Strategie, Network

Category: Scholary Paper (Seminar)
Year: 2001
Pages: 19
Grade: B+
Bibliography: ~ 14 Entries
Language: English

Archive No.: V9416
ISBN (E-book): 978-3-638-16125-1

File size: 82 KB

Excerpt (computer-generated)

UNITEC – INSTITUTE of TECHNOLOGY
Faculty of Business
Department of Information Systems and Computing
Master of Computing Programme
Course ISCG815: Intranet and Internet Management

Security Policy for e-Fence
Corporation’s Network

Name:

Andreas Thiel

Due Date: November the 22nd, 2001

Table of Contents

Abbreviations II

1 Introduction 1
1.1 How much Security does a Company Need? 1
1.2 Procedure and Analysis Objectives 1

2 Products and Techniques to Enhance Security on e-Fence’s Intranet 2
2.1 What Security Services have to be Provided? 2
2.2 Anti-Virus Software 2
2.3 User Management 3
2.4 Monitoring and Auditing 3
2.5 Hardening the Operating System 4
2.6 Firewalls and Proxy Servers 4
2.7 Web Server Restrictions 6

3 Management and Generation of Performance and Security Reports 6
3.1 Intrusion Detection Systems 6
3.2 Logging 7
3.3 Network Administration and Management Tools 7

4 Secure Document Management Procedure 8
4.1 Document Management System 8
4.2 Cryptography Service 10
4.3 Authentication Service 10

5 Guidelines for Cost Effective Security Implementation & Management 11
5.1 Free Measures to Increase Security 11
5.2 Expensive Products to Increase Security 12

6 Conclusion 14

7 References 15

8 Bibliography 16

Abbreviations

[...]

1 Introduction
1.1 How much Security does a Company Need?

A company’s network serves the purpose of delivering information to all employees as fast and as easily as possible. However, the information that is delivered through such an Intranet has to be secured against attack or misuse from outside the organisation as well as from inside the organisation. Since the need of security always conflicts with the need of fast and easy information access, e-Fence has to decide what level of security is appropriate for different types of information.

Of course, total security can never be provided but a company has to consider several threats to its Intranet. These threats include physical threats (e.g. theft or damage of equipment), natural disasters (e.g. damage due to lightning or earthquakes), mechanical breakdowns, viruses and Trojan Horses, and people from outside or within the organisation attacking the network. (Baker, 1995, pp. 7-9). E-Fence has to mitigate these threats with a well-planned security policy.

1.2 Procedure and Analysis Objectives

This report will evaluate a security policy suitable for e-Fence Corporation’s Intranet. Therefore, it will first describe the appropriate techniques and products to enhance security on the Intranet. Then it will show mechanisms to manage and generate performance and security reports on all servers in the company’s Intranet. After that, it will address the deployment of a secure document management procedure and finally it will depict guidelines to implement and manage the security policy in a cost effective way. The report will focus on security means to prevent attacks from people within or outside the organisation and will not address the danger of mechanical breakdown or physical threats.

2 Products and Techniques to Enhance Security on e-Fence’s Intranet
2.1 What Security Services have to be Provided?

To ensure a network’s security several different security services have to be guaranteed. These are confidentiality, authentication, integrity, nonrepudiation, access control and availability. Confidentiality means that the company must ensure that no unauthorized person can gain access to confidential data, authentication means that a message must come from the source it claims to be from, integrity means that the data must be secure against unauthorized modification, nonrepudiation means that a message’s sender must be recognizable, access control means that access to specific data can be limited, and availability means that the system should be available all the time. (Stallings, 1995, pp. 10-12). To provide these security services, the threats mentioned in section 1.1 must be mitigated.

2.2 Anti-Virus Software

An important threat to a company’s network comes form viruses, worms and Trojan horses. These can destroy or manipulate software on any machine in the network. Usually they come hidden behind other software and infect computers, from which they can infect more machines in the network. Therefore, it is essential to have anti-virus software to protect the network against these threats. Anti-virus software scans files, detects the hidden viruses, and disables or deletes them. A very good product is the Norton AntiVirus Corporate Edition, which is currently available in version 7.6. This highly sophisticated software is available for different platforms and has many different functions to effectively protect a company’s network against all types of viruses, worms and Trojan horses. Furthermore, its virus definitions are updated on a regular basis, so that the system is always well protected.

[...]