Ryan Shelander
The following Multi-Layered Security Plan outline, which I am submitting for approval and
implementation for Richman Investments, will provide a sound security plan for the firm's
most important mission-critical assets, identifying and reducing vulnerabilities, risks and
threats to the firm's confidential proprietary intelligence, sensitive customer data and
other important assets within each of the Seven Domains that make up the core for the
year progressive implementation achievement plan starting with one or two security
First, identifying risks, threats and vulnerabilities within each of the seven domains
that make up the firm's IT infrastructure. Secondly, proposed security measures and
Keeping information assets secure is challenging for any business, regardless of its
sophisticated and organized that their operational methods are similar to those of
What's more, while yesterday's attack activity consisted of a single compromise aimed
at gaining access to the data on a computer, current attack techniques are multi-staged.
Hackers use their initial compromise to establish a beachhead from which they can
launch subsequent attacks. With an estimated 1.25 billion Internet users worldwide,
While these current threat trends should give any Internet user pause, they can be
particularly worrisome for small businesses. After all, with confidential business
information at risk yet limited IT staff on hand to focus on security, small businesses
must be very vigilant. To that end, by putting in place multiple layers of defense, small
threats (Symantec 2008).
Here are some ways we can use domain names to help connect between the different
cities within Richman Investments.
User Domain: Main concern at this domain is lack
of user knowledge on what different attacks look like and proper response protocols.
A) Training: send emails on security best practices; alerts on common and new attack
vectors; hold company-wide training segmented throughout the day; place Infosec,
Opsec posters and incident response procedures in every space
B) Auditing of user activity: Set up a script to run on the proxy server utilizing a dirty
word list to search user internet usage
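One way to implement the proxy-log audit from item B, as an added example that is not part of the original plan: it assumes a tab-delimited, W3C-extended-style log with a `#Fields` header, and the field names, watch terms and log lines are all constructed. Terms match only as whole tokens after URL-decoding, so "torrential" does not trip the term "torrent".

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed watch list (assumption; the plan does not list its terms).
WATCH_TERMS = ["torrent", "warez"]

# Constructed log lines, tab-delimited, W3C-extended style (assumed format).
SAMPLE_LOG = (
    "#Fields: date\ttime\tc-ip\tcs-username\tcs-uri\n"
    "2024-01-15\t09:12:01\t10.0.1.15\tjdoe\thttp://news.example.com/markets\n"
    "2024-01-15\t09:14:47\t10.0.1.15\tjdoe\thttp://files.example.net/get?q=free%20WAREZ\n"
    "2024-01-15\t10:02:10\t10.0.1.22\tasmith\thttp://weather.example.org/torrential-rain\n"
    "2024-01-15\t10:05:33\t10.0.1.22\tasmith\thttp://dl.example.net/torrent/ubuntu.iso\n"
)


def build_matcher(terms):
    """Compile one regex that matches any term only as a whole token."""
    alternation = "|".join(re.escape(t.lower()) for t in terms)
    return re.compile(r"(?<![a-z0-9])(" + alternation + r")(?![a-z0-9])")


def audit(log_text, terms):
    """Return {username: [(date, time, [matched terms]), ...]} for flagged requests."""
    matcher = build_matcher(terms)
    fields = None
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header names the columns, so column order can change safely.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split("\t")))
        # Decode %xx escapes and lowercase before matching.
        url = unquote(row.get("cs-uri", "")).lower()
        found = sorted(set(matcher.findall(url)))
        if found:
            user = row.get("cs-username", "-")
            hits[user].append((row.get("date"), row.get("time"), found))
    return dict(hits)


if __name__ == "__main__":
    for user, events in audit(SAMPLE_LOG, WATCH_TERMS).items():
        for date, time, terms in events:
            print(f"{date} {time} {user}: {', '.join(terms)}")
```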
Workstation Domain: Main concern here is unauthorized access and out-of-date antivirus software. Here are some solutions:
LAN Domain: Main concern here is physical access to network assets. Here are some
solutions:
A) Securing high-priority systems: Establish access lists; combo/cipher locks for server
and switch rooms; also have a sign-in sheet for contractors and tech-reps working onsite
B) Implement Kerberos as another secure means of identifying users over a nonsecure network
LAN to WAN Domain: Main concern here is attempts by attackers to scan the
network. Here are some solutions:
A) Install IDS/IPS on the network to monitor and combat network anomalies; also use a
proxy server such as ISA or TMG to filter unknown or malicious traffic
WAN Domain: Main concern here is providing a secure way of communicating over
B) Configure routers and network firewalls to use stateful packet inspection for blocking
Remote Access Domain: Main concern here is securing mobile user communication.
And finally, an actionable plan: a sound security plan is the first step towards a
multi-layered defense. To develop a plan, the company must assess its most important
appropriate for mitigating risk, then implement a strategy for putting the plan into action.
and is also a primary conduit for malicious code. Protecting email against viruses,
worms, spam, Trojan horses, phishing attacks and other threats requires a variety of
filtering, and firewalls (Symantec 2008). Such security technologies must be installed at
various levels of the infrastructure, such as the gateway, mail servers and desktop or
laptop. This way, threats that may bypass one level are dealt with at another. In
addition, layering security helps mitigate the risk of an employee who disables
In conclusion, the purpose of multi-layered security is to first deter intruders from
entering the company's site. However, knowing that we cannot deter all potential
attacks, we must support deterrence with delay, detection, and response. With this
References