PROJECT PART 1

PROJECT PART 1

This Multi-Layer Security Plan for Richman Investments will give a brief overview of
the security strategies that will be implemented at each level of the IT infrastructure.

The User Domain is the most vulnerable because of the lack of user knowledge and overall
understanding of what attacks might look like, and may be easily tricked into releasing important
information.

All users should be trained and instructed of the security policies.

Auditing of user activity will help ensure that users are following correct procedures
according to the security policy.

All users should sit through security classes.

All users will be updated with the newest policies within a timely fashion.

The Workstation Domain is susceptible to unauthorized access and out of date Anti-Virus
software.

Each workstation should have Anti-Virus/Anti-Malware software installed and made to

be sure that is up to date at least weekly

Sensitive corporate data should have strict access policies.

Passwords policies should be enabled though the GPO, and be set to a strict level.

PROJECT PART 1

The LAN domain is susceptible to physical access to network assets.

Utilizing network switches

Using the highest available encryption to wireless access points (WPA 2)

Make sure that all server rooms are secure from unauthorized access. (Access lists, signin sheets for contractors and tech-reps working in the server room, coded or un-replicable
locks on doors)

The LAN to WAN Domain is susceptible to network scanning

Run all networking hardware with up to date security patches, and operating systems

Monitor inbound IP traffic, more specifically looking for inbound transmissions that
show signs of malicious intent

Closing off unused ports via a firewall to reduce the chance of unwanted network access

Install IDS/IPS on the network to monitor and combat network anomalies; also use a
proxy server such as ISA or TMG to filter unknown or malicious traffic

WAN Domains must have a secure way communicating over remote access.

PROJECT PART 1

VPN tunneling should be used for remote connections, Encryptions should be enforced.

Configure routers, and network firewalls to block Ping requests to reduce chance of

Denial of Service attacks

All Email attachments should be scanned before being opened.

Isolate found malicious software (virus, Trojans, etc.) when found

Securing mobile access is the main concern for the Remote Access Domain

Encrypt the hard drives of company computers, laptops and mobile device to prevent the
loss of sensitive data.

Require the use of authorization tokens, have a real-time lockout procedure if token is
lost, or stolen

Establish strict user password policies, as well as lockout policies to defend against brute
force attacks

For the System Application Domain, having business continuity and disaster recovery are the
main concerns for this domain.
Solutions:

Develop a backup policy for all critical and sensitive data to maintain daily operation.

A DRP and BCP should be developed for maintaining availability and continuity of
operations.

PROJECT PART 1

References
http://en.community.dell.com/dell-groups/small-business/b/smb/archive/2011/11/16/10-ways-toimplement-multi-layered-security. (n.d.).
http://www.afcea.org/content/?q=layered-approach-security-planning-offers-best-defenseagainst-attacks. (n.d.).
http://www.pcworld.com/article/141361/article.html. (n.d.).

PROJECT PART 1