baker week 8
School: Virginia State University


Course: 200
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by: jamelbaker

Likely Shoe 1
JaMel Baker
American Military University
ISSC 421
8/23/2022
At Likely Shoe Inc. we provide customers with top customized shoes, and because we handle hundreds of transactions daily we must adhere to many rules regarding transactions to protect both our company and our customers. The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard put in place to prevent credit card theft (Gibson, 2015). With this standard in place, millions of people feel secure every day making transactions across the globe. The standard applies whether you are on a secure Wi-Fi connection or an unsecured network connection. Since Likely Shoe Inc. is in the business of having access to personally identifiable information, we need a secure network that prevents hackers from accessing it. To be properly configured, the network infrastructure must implement CIA, GRC, and AAA, and all of these standards must be implemented on every device that has access to Likely Shoe Inc. This report discusses ways we can help protect customer information and keep the business running.

Maintaining a secure network is always a long-term project goal with short intermediate actions that require much-needed attention. Having a properly configured and secure network system is the perfect way to start planning any network. There are many cyberattacks looming that can alter the company's plans and affect millions of customers' sensitive data. With cyberattacks growing daily, we must properly cover the guidelines mentioned above to be more aware of the situation at hand.

CIA is defined as confidentiality, integrity, and availability (Andress, 2014). Confidentiality is put in place to limit access to certain sensitive information. Integrity is the ability to maintain the consistency of the data. Availability ensures that the reliability of the network is maintained for all consumers and users.

The next standard is AAA, which covers authentication, authorization, and accounting. Authentication is the secure way of accessing the site from any and all mobile devices as well as websites. Authorization is the ability to access the information needed to conduct transactions on a need-to-know basis. Accounting is tracking what information is accessed and for what purpose. The last guideline is GRC, which stands for governance, risk mitigation, and compliance. Within this standard, governance deals with the ethical management of information by the business's employees. Risk mitigation is the entire process by which attacks are handled and addressed. Finally, compliance is the alignment of corporate practice with the regulations that apply to the business.

Cyberattacks can come from many known cyber threats, such as ransomware, man-in-the-middle attacks, session hijacking, social engineering, and malware. This report details the three that can affect the business the most. Ransomware is a specific type of malware that prevents users from accessing their system or personal files and demands a payment to regain access (Hassan, 2019). This can be detrimental to the company because we would lose money in multiple ways if a hacker used ransomware against us. The next attack is session hijacking, in which hackers take over a user's computer session and act as that user on the network (Hu, 2020). This is a major one, as we do not want our employees to have their sessions hijacked and give attackers access to hundreds of customers' sensitive data.
The last attack that can do major damage within the company is social engineering, in which attackers send out fraudulent emails and texts or pose as a website with the intention of obtaining PII (Watson, 2014). This can be extremely harmful to us because we do not want our customers thinking that we sent out fraudulent emails
hoping to gain access to their data. There are several things we can do to prevent any and all of these attacks from happening to us. The first step is education: monthly training and proper software updates to emphasize the overall importance of network security. Monthly training should be done to reinforce the standards and the company philosophy of keeping data secured and having a reliable network. Maintaining software updates falls to the IT team, to ensure maintenance is done on the software and updates are applied weekly to keep hackers out of the system. As for our employees, they should regularly change their passwords within the company's requirements. Within the company we already have a standard requiring a complex password of significant length.

This section of the case study goes into the fundamentals of firewalls and VPNs, as well as certain recommendations to use and how to implement them. A firewall can be commonly described as a system or device that is the defense in place between a trusted network and an untrusted network (Hucaby, 2004). There are numerous functions and types of firewalls that can be utilized to reduce cyberattacks; some of the types are static packet filtering, application layer gateway, stateful packet filtering, application inspection, and transparent firewall. Static packet filtering is a firewall that operates at layers 3 and 4 of the OSI model. An application layer gateway is often called a proxy firewall; it operates at the 3rd layer of the OSI model as well. Stateful packet filtering is one of the most used firewalls in the world today; with it, attackers on the outside trying to initiate a session are denied by default. Application inspection is a firewall that analyzes and verifies protocols all the way up to the 7th layer of the OSI model. A transparent firewall is often described as using packet-based filtering and stateful filtering, but it is implemented at layer 2 of the OSI model. A virtual private network is a network that creates a safe and encrypted connection over a less secure network delivered by Internet service providers.

The recommendation for firewall and VPN would be to install the transparent firewall and create a VPN on a unified threat management (UTM) firewall, utilizing the VPN on a client access server within each remote access point. To help with the implementation of this setup, the company would use two central domain points: a firewall, and a web server located in the demilitarized zone (DMZ) directly behind the firewall. The UTM would be set up right behind the DMZ but in front of the web server. With this design in place, the network security would be perfect for maintaining the security aspect of the company. The overall intention of the IT team is to ensure the network is strong enough to handle the users and sustain against any cyberattack. With a strong security presence, customers feel at ease knowing their data is secured, and worry-free customers will generate more customers in the future. The plan is laid out with the basic security requirements along with the recommendations needed to protect the company and its customers without giving any cyberattack an opening.
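To make the difference between static packet filtering and stateful packet filtering concrete, the following Python script runs one packet trace through a toy version of each. It is an added example written for this page, not code from the report or from any firewall product; the addresses, ports, the published web server in the DMZ, and the filtering policy are all constructed for illustration.

```python
"""Toy comparison of static and stateful packet filtering on a constructed
packet trace. Added example; not code from the report or any vendor product.
Addresses, ports and the policy below are constructed for illustration."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."              # constructed trusted network
WEB_SERVER = ("203.0.113.10", 443)     # constructed DMZ web server, published to the Internet
SYN, SYN_ACK, ACK = "SYN", "SYN-ACK", "ACK"


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arrives from the untrusted side, "out" = leaves the trusted side
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str


def static_filter(pkt: Packet) -> str:
    """Layer 3/4 rules only: each packet is judged on its own header fields with
    no memory of earlier packets. To let HTTPS replies to inside clients come
    back in, the rule set has to admit any inbound packet whose source port is
    443, and an outsider can set that source port too."""
    if pkt.direction == "out":
        return "allow"
    if (pkt.dst_ip, pkt.dst_port) == WEB_SERVER:
        return "allow"                                   # published service
    if pkt.src_port == 443 and pkt.dst_ip.startswith(INSIDE_PREFIX):
        return "allow"                                   # assumed to be reply traffic
    return "deny"


class StatefulFilter:
    """Remembers sessions opened from the inside; inbound packets are allowed only
    as replies to those sessions or to the published web server. A session the
    outside tries to initiate toward an inside host is denied by default."""

    def __init__(self) -> None:
        self.sessions = set()   # (src_ip, src_port, dst_ip, dst_port) of sessions opened from inside

    def process(self, pkt: Packet) -> str:
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.direction == "out":
            if pkt.flags == SYN:
                self.sessions.add(forward)               # inside host opened a session
            return "allow"
        if reverse in self.sessions:
            return "allow"                               # reply to a known session
        if (pkt.dst_ip, pkt.dst_port) == WEB_SERVER:
            return "allow"                               # published service
        return "deny"                                    # unsolicited inbound: denied by default


# Constructed trace: an inside client browsing out, the legitimate reply, an outsider
# using source port 443 to reach SSH on the inside host, and two packets from the
# Internet, one to the DMZ web server and one straight at an inside host.
TRACE = [
    Packet("out", "10.0.0.5", 51000, "198.51.100.7", 443, SYN),
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 51000, SYN_ACK),
    Packet("in", "192.0.2.99", 443, "10.0.0.5", 22, SYN),
    Packet("in", "192.0.2.50", 40000, "203.0.113.10", 443, SYN),
    Packet("in", "192.0.2.50", 40000, "10.0.0.5", 445, SYN),
]


def run_trace(trace=TRACE):
    """Return (static_decision, stateful_decision) for each packet in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.process(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (static, stateful) in zip(TRACE, run_trace()):
        print(f"{pkt.direction:>3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
              f"{pkt.flags:<7} static={static:<5} stateful={stateful}")
```

The third packet is the one that separates the two designs: the static rule set admits it because its source port happens to be 443, while the stateful filter denies it because no inside host ever opened a session to that address. That is the "denied by default" behaviour the report attributes to stateful packet filtering, and it is why the published web server has to be placed in the DMZ rather than behind an "allow anything that looks like a reply" rule.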
References

Andress, J. (2014). The basics of information security: Understanding the fundamentals of InfoSec in theory and practice. Waltham: Syngress.

Gibson, D. (2015). Managing risk in information systems. Burlington: Jones & Bartlett Learning.

Hassan, N. (2019). Ransomware revealed: A beginner's guide to protecting and recovering from ransomware attacks. Berkeley: Apress.

Hu, Q. (2020). A session hijacking attack against a device-assisted physical-layer key agreement. IEEE Transactions on Industrial Informatics.

Hucaby, D. (2004). Cisco firewall and VPN configuration reference manual. Indianapolis: Cisco Press.

Watson, G. (2014). Social engineering penetration testing: Executing social engineering pen tests, assessments and defense. Waltham: Syngress.