Introduction:

One of the most important and integral parts of any company is the security of its network. Any
breach in the security of the system can disrupt the flow of data and functionality. Along with
threatening privacy, a breach also affects the integrity of the data. Security consisting of several
protocols and techniques needs to be implemented to mitigate the threats. The company's
assets should be accessible only to selected authorities. Along with limiting access,
multiple layers of defence need to be implemented to reduce unauthorised access
and connections.

Physical security:
Securing the physical infrastructure is one of the critical issues of network security. This
infrastructure comprises several devices such as switches, routers, servers, and end
devices like laptops, printers, VoIP and many more. These devices need to be secured
physically as they are exposed to numerous risks like damage or theft of spare parts,
accidental pressing of the reset button on servers, failure of power supplies and many more. One
solution to this problem is placing the physical devices in a secure room. If that room is
stocked with extra power supplies and other spare parts, there is no need
to have constant access to that room. This limits access by unauthorised people and
maintains security.

Router:

The company's devices should be divided into various levels of administrative control. Each
level should provide access to the officials who require it.

The device can be accessed in numerous ways. If all the unused ports and interfaces are
disabled, the number of access points is reduced, which in turn reduces the risk of unauthorised
access. Unnecessary services should also be disabled, as attackers can use them to
penetrate the company's network. This access can later help the attackers compromise
the integrity of the company.

Secure remote access:

The most important task in security is to secure administrative access. If this access falls
into illegitimate hands, the physical security of the devices is at risk. The parameters and
functions of the devices can be altered. Other systems within the company's
network are also at risk if they are discovered and accessed.
If logs of the access granted are maintained, they are useful later for administrative
purposes. Similarly, each employee must have an account which tracks his records and
actions.

Certain files, services and areas within the company should have limited access. Only
particular groups of officials or services should be given access.

The various methods of access, device ports and communicators need to be secured.

Secure Local and Remote Access:

Remote access means accessing the company's network remotely. Administrators
remotely access the company's network to keep auditing the security policies. Several
methods can be used, such as Telnet, SNMP, HTTP and HTTPS. These methods allow
connections between routers and computers. The connected computer can be located
within the company or remotely.

The flow of traffic between the administrators and the connected computer inside the
company needs to be encrypted. This can be done by using HTTPS instead of HTTP, or SSH
instead of Telnet, when establishing the connections.
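
The router hardening points above (disable unused interfaces, turn off unneeded services, use HTTPS and SSH rather than HTTP and Telnet) can be checked against a device configuration. The following is an added example, not part of the original report; it assumes Cisco IOS-style configuration syntax, which the report does not specify, and the sample configuration is constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumption: the page names no vendor).
SAMPLE_CONFIG = """\
ip http server
interface GigabitEthernet0/0
 description uplink
 ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/1
 no ip address
interface GigabitEthernet0/2
 no ip address
 shutdown
line vty 0 4
 transport input telnet ssh
"""

def split_sections(config):
    """Group each indented line under the unindented line that opens its section."""
    sections = []
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections

def audit(config):
    """Return findings for three hardening points: HTTP, unused ports, Telnet."""
    findings = []
    for header, body in split_sections(config):
        if header == "ip http server":
            findings.append("HTTP management enabled; use HTTPS instead")
        elif header.startswith("interface "):
            # Heuristic (assumption): a routed interface with no address is unused.
            if "no ip address" in body and "shutdown" not in body:
                findings.append(f"{header}: unused interface is not shut down")
        elif header.startswith("line vty"):
            transport = [l for l in body if l.startswith("transport input")]
            # A vty line with no explicit transport is treated as unsafe here.
            if not transport or re.search(r"\b(telnet|all)\b", transport[0]):
                findings.append(f"{header}: Telnet allowed; restrict to SSH")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```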

DMZ Approach

A variation of the defense-in-depth approach is shown in Figure 3. This approach includes an
intermediate area, often called the demilitarized zone (DMZ). The DMZ can be used for servers that
must be accessible from the Internet or some other external network. The DMZ can be set up between
two routers, with an internal router connecting to the protected network and an external router
connecting to the unprotected network. Alternatively, the DMZ can simply be an additional port off of a
single router. The firewall is located between the protected and unprotected networks. The firewall is set
up to permit the required connections, such as HTTP, from the outside (untrusted) networks to the
public servers in the DMZ. The firewall serves as the primary protection for all devices in the DMZ.

Firewalls:

Acme has a couple of racks comprising its data centres, which are connected to the internet. Having
a direct connection to the internet puts the entire company at risk. If adequate security is not
provided, the company may be at risk of being attacked by hackers. It can also be
affected by cyber threats or Trojans, which are known to attack through security loopholes.
In the absence of firewalls, the risk of malicious attacks increases as online activity
increases. Apart from protecting the data centres, it is also necessary to scan all the traffic
entering Acme.

In planning the security strategy for Acme, the firewall is the most important consideration.
A firewall acts like a guard at the gates of the company's network. All the packets entering
the network are scrutinized. All traffic entering and leaving Acme's
network will be filtered. Traffic which has registered access will be allowed in to the
resources. This traffic basically consists of legitimate users and office staff. All other users
visiting the company as guests will not be permitted access. This will help reduce
malicious activity and keep the company safe.

The firewalls installed can be either hardware based or software based.

Hardware Firewalls:

Hardware firewalls are usually placed between the company's network and the outside
environment. This firewall acts as a filter and scrutinizes all the traffic entering and leaving
Acme. One speciality of this type is that its operating system and software are
preinstalled. There is no requirement to configure the firewall separately on
each device present in the company's network. Also, when updates are released, it is
a lot easier to update a single firewall than to update all the devices in the company.

Software Firewalls:

This type of firewall is usually configured on each device individually. Along with providing
an extra layer of security, it also supports the hardware firewall in filtering the
traffic. These firewalls have different filter rules depending on the use of the device and
the requirements of the staff. This type of firewall will be used to limit staff activity outside
Acme's network. The use of resources for illegal purposes will also be reduced.

ACL:

The Acme Company has raised a problem regarding accessibility. Several staff
members have been accessing data stored between the two divisions. This access
needs to be restricted, and this can be done by implementing ACLs. ACLs can be
implemented to control the traffic entering the company's network and to mitigate the number
of attacks. Security requirements are set depending on the class
the traffic is categorised into. An ACL provides a list of permit and deny rules which permit
and block the traffic. These rules can be set based on numerous criteria such as source
address, protocol, port number and destination address.
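
The permit and deny rules described here, and the firewall rule from the DMZ section that lets outside HTTP reach the public servers, can be modelled as an ordered list in which the first matching rule decides and anything unmatched is denied. The following is an added example, not part of the original report; the addresses, the admin-host exception and the rule set are constructed for illustration. It evaluates the first packet of a connection, as a stateful firewall does, and assumes return traffic is handled by connection tracking.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", or "ip" for any protocol
    src: str                      # source network (CIDR)
    dst: str                      # destination network (CIDR)
    dport: Optional[int] = None   # destination port; None matches any port

    def matches(self, proto, src_ip, dst_ip, dport):
        if self.proto not in ("ip", proto):
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport

def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """Return (action, index of the deciding rule); the first match wins."""
    for index, rule in enumerate(acl):
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action, index
    return "deny", None  # implicit deny: traffic no rule mentions is blocked

# Constructed addressing (assumption): division A 10.1.0.0/24,
# division B 10.2.0.0/24, public web server in the DMZ 192.0.2.10.
ANY = "0.0.0.0/0"
ACME_ACL = [
    Rule("permit", "tcp", "10.1.0.5/32", "10.2.0.0/24", 22),  # one admin host, SSH only
    Rule("deny", "ip", "10.1.0.0/24", "10.2.0.0/24"),         # division A -> B blocked
    Rule("deny", "ip", "10.2.0.0/24", "10.1.0.0/24"),         # division B -> A blocked
    Rule("permit", "tcp", ANY, "192.0.2.10/32", 80),          # outside HTTP to the DMZ
    Rule("permit", "ip", "10.0.0.0/8", ANY),                  # internal hosts outbound
]

if __name__ == "__main__":
    probes = [("tcp", "10.1.0.77", "10.2.0.20", 445),
              ("tcp", "203.0.113.9", "192.0.2.10", 80),
              ("tcp", "203.0.113.9", "192.0.2.10", 22)]
    for probe in probes:
        print(probe, "->", evaluate(ACME_ACL, *probe))
```

Rule order matters: if the broad internal permit were moved to the top, it would match division-to-division traffic before the deny rules are reached.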
Firewalls are used to control several online activities:

IP scanning:
All the IP addresses entering and leaving the network are scanned. The addresses
registered with the company will be allowed into the network. All other IP addresses
will be blocked.

Domain scans:
Several domains which pose a threat to the company are blocked by the firewalls.
This reduces the risk of being attacked.
With the help of domain scans, certain websites will be blocked, which will
prevent the staff from downloading inappropriate materials.

As each packet entering Acme is scanned, its contents are checked
thoroughly. If any content within the packet or attached to the packet is found to be malicious,
the entire packet is dropped. The source of the packet may also be permanently
blocked.
If these principles are applied, the contractors and sales people visiting the
company will be restricted from accessing the company's server and using the internet.

Wireless Network security for Acme:


A wireless network in any environment gives freedom in the placement and location of devices. The
need for long and confusing wired networks is removed and replaced with a simple login ID
and password. Though this increases mobility in the network, security is
equally affected. Wireless networks make use of radio waves, which occasionally leak outside
the predetermined radius of the setup. This enables hackers and other attackers to see
the traffic and perform malicious activities.

With respect to the current situation at Acme, in the absence of the security policies
required to protect the company's network, all the company's assets, such as documents,
restricted data, financials and security, are at risk.

It is a known fact that the wireless network in any company is more prone to attack
than Ethernet-connected devices. Along with the usual password protection and virus
detection methods, additional security is required. Several security issues, such as rogue
access points or illegitimate traffic, affect the integrity and security of the company.

Several security procedures can be used to mitigate these attacks and security concerns.
Among the many standards used by numerous companies, encryption and authentication
practices can be incorporated within Acme's network to secure the wireless network.

Encryption method:
In a wireless network, if a hacker masquerades his way into Acme's network, he
will be able to see all the traffic flowing in and out of the company. If encryption is
used to protect the data, the same traffic will be visible to the hacker, but the only
difference will be that the messages are scrambled. Encryption makes use of special keys
to encrypt the message. Only legitimate staff members of the company who have
access to the key can read the encrypted message.

Authentication:
This procedure will enable the company to recognise whether the user accessing the
network is legitimate. Numerous factors such as passwords, RFID scans, and the
validity of identification cards are used for authentication purposes.
Staff members having valid permission and access will be allowed into the
restricted areas of the company. This will restrict access to data between
data divisions by general staff.

Task 2: Security Policies


2.1 Security policies for Email services
2.1.1 Overview:

In Acme, the email service is one of the most important services, as all the staff members and other
officials rely on it for several purposes like communication, announcements,
spreading awareness and many more. Most of the crucial transactions related to Acme's
finance and security are shared over email. As it is the most important medium of
communication, it is of utmost importance that the security issues related to it are
well drafted.

2.1.2 Purpose:

The main purpose of this set of policies is that the email service should be used for official
purposes. It should be accessible to legitimate users and staff members. It will provide brief
details of the minimum requirements for Acme's network.

2.1.3 Scope:

Policies are drafted to avoid misuse of the email services provided by Acme to its employees.
These policies are applicable to all people working for Acme. They are also applicable to people
from outside Acme's network such as contractors and sales people.

2.1.4 Policy:

- All email accounts registered in the name of Acme must follow the rules of ethics, conduct
  and safety. Their use must be consistent and safe.
- The use of the email services must be strictly limited to business purposes. Personal
  communication and use of this service is allowed to a limited extent.
- The attachments and details shared over this service should be secured.
- All email services used for business purposes shall be retained.
- Forwarding business emails to any third-party system is strictly prohibited.
- Any email containing confidential information or documents regarding Acme should not
  be forwarded to any individual outside Acme's network.
- Use of resources within the email services must be restricted to business work. Email
  services used for personal entertainment should be saved in a different folder.
- Storing Acme's important documents and transaction details in third-party applications
  such as Google Drive and Yahoo servers is not acceptable.
- Acme holds the right to scan and monitor all messages and documents
  shared from its official accounts.

2.2. Security policy for Wireless Network

2.2.1 Overview:

Any company running on a wireless network needs to be secured. With the mass revolution of
numerous smart devices, there has been a considerable rise in threats to the security of the
company.

2.2.2 Purpose:

This policy is drafted in order to secure all assets and information related to Acme. All
information regarding transactions, meetings, finance and network management shared on
Acme's network is protected. All devices configured to Acme's network must satisfy the
required standards mentioned in the policy.

2.2.3 Scope:

This policy and its rules are applicable to all staff members, contractors and sales people
visiting Acme. All devices that connect to Acme's wireless network should follow the policy
statement, irrespective of whether they are inside the network or have a remote connection to
the company.

2.2.4 Policy:

- All devices in Acme's network must follow the company's authentication protocols.
- All devices in Acme's network must follow the company's encryption protocols.
- The MAC address of each device must be registered with Acme. Acme has the right to track
  the activities and movements of the devices.
- Devices configured to Acme's network should not interfere with wireless installations
  by other institutions within the company.
- All devices that fail to meet the standards and requirements drafted by Acme will
  not be allowed access to the network.
