An Overview of Security Policy Considerations
There are a large number of security policies and network security designs, but general security policy areas would likely include:
o Information- Information includes customer accounts, employee information, and competitive intelligence in the form of emails and other communications. It is absolutely vital that information be protected at the user level with passcodes.
o Computers and devices- Physical property such as computers and machines. The physical workplace needs to be considered for security protection, as these physical assets can be prone to cyber attacks.
o User security- This includes required protocols for information handling and network access, such as using passcodes and claims-based authentication, which allows a user to enter from external or different computers by challenging the user for authentication (Microsoft, 2015).
o BranchCache- Depending on the size of the network, this can provide backup by maintaining copies in a central or headquarters location. BranchCache copies content from file servers and caches (saves in memory) the content onto regional or departmental file servers, allowing client computers to access the content locally rather than over the WAN (Microsoft, 2015). This reduces the ability of intruders to gain access to the network.
VLAN and Network Device Configuration Policies
o VLAN security on network devices- All unused ports will be shut down or placed in a black hole VLAN. Shutting down or isolating all unused ports disables trunking on those ports. Along with shutting down these ports, Dynamic Trunking Protocol (DTP) will be turned off to prevent automatic negotiation to trunking mode.
o Port security on network devices- Enabling port security limits the number of MAC addresses that can connect and send data on the ports to which they are connected. This prevents unauthorized MAC addresses from connecting to a port and obtaining access to the network.
o DHCP snooping on network devices- DHCP snooping will be enabled in order to provide another layer of defense through the router. This acts as a second firewall between the DHCP server and untrusted systems.
o Terminal Security- All terminals could also use Windows BitLocker Drive Encryption. This is a security feature that provides data protection for computers by encrypting all data stored on the Windows operating system volume (Microsoft, 2014). BitLocker protects the Windows operating system and user data, and helps to ensure a computer is not tampered with in the event it is lost or stolen (Microsoft, 2014).
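The unused-port, DTP, port security and DHCP snooping policies above can be checked against a saved switch configuration. The following is an added example, not part of the original article; it assumes Cisco IOS-style syntax, a black hole VLAN id of 999 and a site convention of marking unused ports with "description UNUSED", none of which the article specifies.

```python
# Constructed sample, Cisco IOS-style syntax (assumed; the page names no vendor).
# Assumed site convention: unused ports carry "description UNUSED".
SAMPLE_CONFIG = """\
ip dhcp snooping
interface GigabitEthernet0/1
 switchport nonegotiate
 switchport port-security
interface GigabitEthernet0/2
 description UNUSED
 switchport access vlan 999
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/3
 description UNUSED
 switchport access vlan 10
interface GigabitEthernet0/4
 switchport nonegotiate
"""
BLACKHOLE_VLAN = "999"  # hypothetical black hole VLAN id


def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command or "!" ends the interface block
    return interfaces


def audit(config, blackhole=BLACKHOLE_VLAN):
    """Return (scope, finding) pairs for ports that break the policies above."""
    findings = []
    if "ip dhcp snooping" not in config.splitlines():
        findings.append(("global", "DHCP snooping not enabled"))
    for name, cmds in parse_interfaces(config).items():
        unused = "description UNUSED" in cmds
        isolated = "shutdown" in cmds or f"switchport access vlan {blackhole}" in cmds
        if unused and not isolated:
            findings.append((name, "unused port not shut down or in black hole VLAN"))
        if "switchport nonegotiate" not in cmds:
            findings.append((name, "DTP negotiation not disabled"))
        if not unused and "switchport port-security" not in cmds:
            findings.append((name, "port security not enabled"))
    return findings
```

Calling audit(SAMPLE_CONFIG) flags GigabitEthernet0/3 (unused, still live in VLAN 10, DTP left on) and GigabitEthernet0/4 (in use without port security).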
Domain Security and Configuration
o Enforcing GPOs- Renaming the local Administrator account on large numbers of systems can be time consuming, which is why enforcing GPOs allows for easier management. This GPO offers security to all systems in the network domain by renaming the local Administrator account, which could be exploited.
o Disabling Guest Accounts- Active Directory allows the disabling of guest accounts to be enforced at the domain. Disabling the Guest account prevents unauthorized access from a threat.
o User Account Control- User Account Control will provide security by enforcing standard user level access and administration authentication for any changes or modifications to a system (Microsoft, 2015). It prompts a user for administrative rights when accessing applications, the registry or file systems.
Realistically, a network is never 100% protected, because the more security that is added, the less functionality there is on the network. For this reason, security often focuses on user access at the domain and user level, with protocols in place to allow for functionality and enforce security practices.
Kroenke, D. (2013). Experiencing MIS (4th Edition). New Jersey: Prentice Hall.
Microsoft. (2015, October 19). BranchCache Overview. Retrieved from Tech Net Microsoft: https://technet.microsoft.com/en-us/library/hh831696.aspx