Main Objective
To have a better security design for the company at a lower cost. Sensitive information must not be seen or intercepted by unauthorized people. Improve the company's security strength to reduce public doubts about the company. Prevent or minimize web server downtime. Be able to investigate any attack on any system in real time, identify its cause and source, and mitigate it fast enough to reduce damage.
Connection
Although leased lines are more secure, they are costly. We will replace the leased line with Internet Protocol Security (IPsec) and a site-to-site Virtual Private Network (VPN) on the connection to act as a private line. It is secure like a leased line and cheaper than one.
Routers
- We have disabled telnet and enabled SSH for router management from any location, because telnet is not secure.
- We recommend setting up security on the routers, such as setting passwords on the console.
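
An added example (not part of the original proposal): a small Python check that audits a router configuration for the two points above, telnet still permitted on remote-management lines and no password enforced on the console. It assumes Cisco IOS-style `line` stanzas, since the proposal does not name the router vendor; the sample configuration is constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the page names no vendor).
SAMPLE_CONFIG = """\
hostname hq-rtr
!
line con 0
 logging synchronous
line vty 0 4
 password example
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def parse_line_blocks(config):
    """Return {"con 0": [sub-commands], "vty 0 4": [...]} for each 'line' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command closes the stanza
    return blocks

def audit(config):
    """Flag vty lines that still accept telnet and console lines with no login check."""
    findings = []
    for name, cmds in parse_line_blocks(config).items():
        if name.startswith("vty"):
            transport = next((c.split()[2:] for c in cmds if c.startswith("transport input")), None)
            # Assumption: with no 'transport input' line, treat telnet as possibly allowed.
            if transport is None or {"telnet", "all"} & set(transport):
                findings.append(f"line {name}: telnet permitted")
            elif "ssh" not in transport:
                findings.append(f"line {name}: ssh not enabled")
        elif name.startswith("con"):
            has_password = any(re.match(r"password\s+\S", c) for c in cmds)
            has_login = any(c == "login" or c.startswith("login ") for c in cmds)
            # Plain 'login' checks the line password, so it needs one to be set.
            if not has_login or ("login" in cmds and not has_password):
                findings.append(f"line {name}: no console password enforced")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
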
Mobile Users
Since most of the staff in Everest Pte Ltd are mobile in order to get business for the company, we will set up a remote access VPN so that mobile users can securely connect back to HQ to access resources.
Equipment
New Equipment/Software
- Antivirus: Symantec Endpoint Protection 12.1.2 (cost: $54.18 USD for one license per year)
- Firewall appliance: Fortinet FortiGate 100D (cost: $1,560.00 USD)
- Snort
- Network Access Control
- Windows Server Update Services
Security
Antivirus
We have implemented Symantec Endpoint Protection to replace the freeware antivirus because it is able to protect against viruses (even against zero-day attacks), and it also has an intrusion prevention system to protect PCs and prevent data from being stolen or corrupted.
Firewall
We will use the firewall feature that comes with Symantec Endpoint Protection, together with the FortiGate 100D physical firewall and the built-in firewall in Windows.
Central Control
We have implemented central control by integrating Network Access Control (NAC) and Windows Server Update Services (WSUS) to enhance the security deployment. WSUS pushes updates and patches to computers to keep them up to date with the latest patches.
Web Server
We will implement redundancy and frequent backups on the web server to reduce downtime. We will also implement an Intrusion Prevention System (IPS) to prevent DoS attacks, and a monitoring service will notify Everest immediately if the server goes down.
Security administrator
We encourage Everest to hire a network security administrator to handle security concerns and enforce policy among staff, and to send staff to an accredited academy for basic security training.
Staff
Q&A
Q: What is a zero-day virus/exploit?
A: A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a new vulnerability in a computer application during the first 24 hours of its first appearance.