U5 Assignment 1 IT2250 - U5A1 PDF

Preview

Summary

U5A1...

Description

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

UNIT 5 ASSIGNMENT 1 John Mekita IT2250 INTRODUCTION TO NETWORK TECHNOLOGY Alidad Jalinous Capella University December 13, 2019

1

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

2

Table of Contents Introduction----------------------------------------------------------------------------------------------------3 Network Security Plan-------------------------------------------------------------------------------------3-4 Common Vulnerabilities, Risks and Issues-------------------------------------------------------------4-5 Protection Plan-------------------------------------------------------------------------------------------------5 Policies That Protect the Hardware and Physical Aspects of the Network -------------------------5-6 Hardware Areas That Need To Be Secure-----------------------------------------------------------------6 Steps That Will Be Taken to Ensure the Security of the Operating Systems and Network Files--7 Measures That Are Necessary to Protect the Transfer of Data for the Remote Employees--------7 Conclusion-----------------------------------------------------------------------------------------------------8 Resources-------------------------------------------------------------------------------------------------------9

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

3

Introduction The purpose of this network security plan is to show what the hospital is doing to secure their network and data within the network. The thought of anyone gaining easy access to the personal and sensitive information we give our healthcare providers is imperative to why network security is essential to healthcare providers. On a daily basis personal and financial information is given to medical providers and stored in their systems internally. The need to protect that data is crucial and a properly protected network will avoid HIPAA violations. HIPAA stands for the Health Insurance Portability and Accountability Act, which holds our medical providers accountable for leaking our sensitive data. I will be discussing how my team and I can create a network security plan for this hospital. Network Security Plan In order to create the most secure network, we would first need to assess the needs of the hospital. It is valuable to determine what the security goals are for the hospital so we are able to implement the appropriate security protocols. We would need to look at what security measures are already in place and how can we improve them. It would be helpful to know if any of the departments will need VPN access to the network. It is crucial for us to know how many people are accessing the network and if different security accesses needs to be granted. It should be taken into consideration that the patients may need to access the WIFI; in that case protocols will need to be put in place to block access to suspicious or malicious sites. I recommend daily automatic backups to help ensure the data is secure in the event it becomes lost or damaged. Storing your backups on a cloud base server is becoming an effective an inexpensive way to

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

4

maintain those files. Adding encryption protocols helps to keep sensitive information private. Encryptions can be very hard to crack, and most hackers will not waste their time in trying. You can also encrypt portable devices and files as well. Proper training for employees is very important. Keeping your employees aware of phishing scams and how to recognize and report them is another way to ensure that sensitive data is not transmitted to the wrong person. It is always good to make sure the built-in firewall is enabled and being used properly. Having up to date reliable antivirus software is a bonus. Using your operating systems built-in security features presents another barrier for hackers and makes it that much more difficult to access the sensitive data. Finally, webpage restrictions are another great security measure. Since patients will have access to the WIFI network, this will prevent people from accessing untrusted sites and putting the network at risk. Common Vulnerabilities, Risks and Issues Missing patches on a server could allow a hacker to implement an unauthorized command prompt or “backdoor” into the systems web environment. It is always good to make sure your operating systems security patches are up to date in order to prevent such an attack. Staff members and users should be educated on picking a strong password and avoid using common words or phrases. This will make it harder for someone to determine what the individual’s password is. USB drives can pose a threat to an entire network system. An individual could infect a network with a USB drive since they are on the inside of the firewall. You can eleviate this stress by limiting user access and restricting computers from reading the drive. Mobile devices and tablets can also pose a great risk to your network. Properly managing VPN access on mobile devices can help eleviate that threat. Hardware also has the risk for causing a threat to the network. If the hospital is connected via a public line, hackers could have the potential of

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

5

accessing the unused ports on the router or switch. It is highly effective to disable any unused ports. Protection Plan It is essential to keep your system protected from accidental or intentional harm from staff members. Setting up a system administrator is essential to providing employees with certain access and capabilities. Disabling administrator functions from users is a great way to keep them from accidentally exposing the system to vulnerable attacks. Keeping up to date antivirus software and firmware will help elevate denial of service attacks. Applying website restrictions to untrusted sites will eliminate the potential for intentional or accidental attacks. These upgrades will be enforced by automatic updates during off hours. This should help to reduce the amount of downtime the company will experience. Assigning one person as the system administrator and making sure they give appropriate access to users as needed for their jobs. A cheat sheet may need to be created to determine which job roles get which access. Routinely making users change their passwords with specific requirements will help ensure no one is using to common of a password. For example, every 90 days the user will be prompted to change their password and it must be between 8-16 characters, must have one uppercase letter, one number, and one unique symbol. The Florida Medicaid System is notorious for this. Policies That Protect the Hardware and Physical Aspects of the Network Every hospital needs to have an up to date security policy that every employee has to be trained on and have a signed document stating they understand the security policy in place. At Quest Diagnostics, who I work for, we do this on a regular.

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

6

A well put together security policy, along with proper training, will help minimize the human error aspect. The security policy should outline proper passwords, installation of any hardware or software, internet usage, remote access, and personal device usage. A good policy most businesses use is the acceptable use policy (AUP). This policy lets the user know the company’s standards for usage of the network or internet and should be signed before any access is granted. The hospital should have a remote user policy for the VPN users. This will set the standard so the user knows the proper way to remote into the system. They should use the company provided laptop and credentials. An internet usage policy should be signed off by all staff members prior to release of their credentials. This is a crucial policy for the hospital as it notifies the user what the hospital’s internet guidelines are. Putting these policies in place will help reduce the risk of an attack and help reduce human error. Hardware Areas That Need To Be Secure Areas that store your servers, and main hardware equipment, should be restricted from employees to insure no one makes any unauthorized changes to the system. The WIFI networks should be locked or encrypted with a password. For example, you will have to use your assigned user name and password to log onto the hospital’s WIFI. The hospital can protect laptops by installing antitheft software or by using Apple MAC products since that feature is built in. Installing a CCTV surveillance system is also a good idea to protect the company’s network.

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

7

Steps That Will Be Taken to Ensure the Security of the Operating Systems and Network Files •

Implementing firewall settings and adding intrusion detection software.

•

Implement IPsec VPN for remote users.

•

Installing solid antivirus software and making sure each device is running optimally.

•

Make sure users have the correct access as needed for their job roles.

•

Install security cameras and alarm system to physically protect hardware.

•

Make sure all users are properly trained and sign all security policy documents.

•

Provide proper upgrades and patches to ensure security software is up to date.

Measures That Are Necessary to Protect the Transfer of Data for the Remote Employees It is vital to make sure your data is secure when transferring data to and from the network. If sensitive information needs to be sent via email, the user should encrypt the email to maintain its integrity. There will be times where the file transfer protocol will be needed and alone it is not very secure. If you add an SSL certificate to the FTP it will provide a more secure way to transfer larger files.

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN

8

Conclusion In conclusion, there are many ways the hospital can secure their network systems. Some examples are proper employee training, putting security policies in place, adding security software, and securing the hardware. All of these measures can significantly reduce the risk of an attack and prevent unauthorized uses from accessing the system.

UNIT 5 ASSIGNMENT 1 NETWORK SECURITY PLAN Resources; West, J. (2016). Network+ Guide to Networks, 7th Edition. Health Information Privacy Found here; https://www.hhs.gov/hipaa/index.html “The Impact on Network Security through Encryption Protocols” Found here; https://blogs.cisco.com/security/theimpact “What Is An Acceptable Use Policy?” Found here; https://whatis.techtarget.com/definition/acceptable-use-policy-AUPnetworksecurity-through-encrypted-protocols-http2

9...