Network Security Proposal Template
Network Security Proposal
CMIT 320 7981
University of Maryland University College
II. Securing Boundary Devices, Hosts, and Software
A. Physical Security
Physical security is the protection of assets from threats, such as theft or damage, that the University may endure as a business [5]. Physical security is further broken down into three categories: prevention, detection and recovery [5]. Physical security should restrict access to both the campus and the hosts that UMUC provides, prevent unauthorized disclosure and disposal of information, and protect the interior and exterior of the campus. Perimeter barriers are one way to enforce physical security, together with security guards, security posts controlling the entry and exit of both individuals and vehicles, proper lighting, labeling and cameras.
Campus security is extremely important because it is the first line of safety for students, faculty and employees. Campus security provides physical security at both the human and the equipment level. With the vast number of people from different backgrounds and upbringings on campus, having that mediator available when faculty or employees are not provides reassurance to students and parents. Campus security will maintain logs of visitors and can help control vehicle access at designated posts to ensure that only authorized individuals with proper forms of identification (license, badges, etc.) are admitted. Campus security cannot be everywhere all the time and can at times become overwhelmed by the campus population, especially at the start of a semester. Security cameras provide the University with extra eyes. Proper labeling such as “Authorized Access Only”, “Faculty Only”, etc. provides a visual reminder that only authorized individuals belong at these locations, and that those without proper credentials or access rights to those areas will be apprehended by campus security. Lastly, lighting is important. Lighting provides safety for students who move around the campus during hours of low visibility, whether for class, the library, or any other reason. Lighting also helps security to see suspicious behavior and prevent unauthorized activity.
The main objective of physical security is to protect assets, facilities and individuals. A safe and secure campus provides those at UMUC with a better learning experience. Physical security is often overlooked at organizations that believe protecting the network is more important, yet physical security is the first line of defense in protecting the network, because it ensures unauthorized individuals never physically reach the systems. One physical security breach can undo the work of the network security controls and render them useless.
B. Mobile Device Security
As technology continues to advance, mobile devices (smartphones, tablets and notebook computers) are becoming more and more the norm in common places. Mobile devices can store and process large amounts of information with the flexibility of mobility and no fixed location; this also increases the threat of unauthorized access to the data stored on the device. UMUC will implement training for users, whether students or employees, on how to properly secure mobile devices, and the training will be implemented to coincide with the AUP.
The UMUC security team, in collaboration with management, will develop a training seminar and an AUP policy on the use of mobile devices on the campus. The network security training will reinforce the importance of properly using devices on the network. Users will learn to allow connections only from verified and trusted devices; to disable connection methods such as Wi-Fi and Bluetooth, which can lead to attacks such as bluejacking; and to use full device encryption, screen lock authentication and a remote wipe feature on all mobile devices. Geofencing (a virtual boundary) will be enforced within a specified radius of the campus. Geofencing informs users if they are outside the designated area for access to the campus network. Users will either be locked out or sent an alert that they have left the designated area for access to resources. To ensure geofencing is not exposed to vulnerabilities, users will disable geotagging, which attackers can exploit. Lastly, UMUC will develop a reporting system for both students and employees to notify the security team of any mobile device that has been lost or stolen. The network security team will take the proper steps to track and document the lost equipment and ensure the remote wipe feature has been activated.
The proposed solutions help mitigate threats that universities often face when they authorize BYOD (bring your own device). Enforcing the policy ensures users are aware of their responsibilities and gives them guidance on how to protect themselves, since the network security team cannot individually help each student, faculty member and employee.
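The geofencing decision described above (allow inside the radius, alert just outside it, lock out beyond that) can be implemented as a distance check against the campus center. The following is an added example written for this proposal, not code from UMUC or from any vendor product; the campus center coordinates, the radius, the alert margin and the device position reports are constructed sample values and assumptions.

```python
"""Geofence decision for campus mobile-device access.

Added example: this is not code from the proposal or from any UMUC
system. The campus centre, radius and device positions are constructed
sample values, and the alert/lock-out margin is an assumption.
"""
import math

EARTH_RADIUS_M = 6_371_000      # mean Earth radius, metres

# Constructed campus centre (lat, lon) and the allowed radius in metres.
CAMPUS_CENTER = (38.9850, -76.9530)
CAMPUS_RADIUS_M = 1_500
# Assumption: a device within this margin beyond the fence is only alerted;
# beyond it, the device is locked out of campus resources.
ALERT_MARGIN_M = 500

# Constructed position reports from enrolled devices.
DEVICE_REPORTS = {
    "tablet-0123": (38.9900, -76.9530),   # about 0.56 km north of centre
    "phone-0456": (39.0015, -76.9530),    # about 1.83 km north of centre
    "laptop-0789": (39.0350, -76.9530),   # about 5.56 km north of centre
}


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def geofence_decision(lat, lon):
    """Return 'allow', 'alert' or 'lock' for a device reporting (lat, lon)."""
    distance = haversine_m(CAMPUS_CENTER[0], CAMPUS_CENTER[1], lat, lon)
    if distance <= CAMPUS_RADIUS_M:
        return "allow"
    if distance <= CAMPUS_RADIUS_M + ALERT_MARGIN_M:
        return "alert"
    return "lock"


def evaluate_reports(reports=DEVICE_REPORTS):
    """Map each device id to its access decision."""
    return {dev: geofence_decision(lat, lon) for dev, (lat, lon) in reports.items()}


if __name__ == "__main__":
    for dev, decision in evaluate_reports().items():
        print(f"{dev}: {decision}")
```

The alert margin is what keeps a device at the edge of campus from being locked out by small GPS errors; a lock-out decision should always be paired with the alert so the user knows why access was withdrawn.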
C. Perimeter Defenses
Perimeter defense is the security process that will guard the UMUC perimeter network infrastructure. The intent of the perimeter defense is to protect against attacks such as denial of service (DoS), spoofing, ARP poisoning and session hijacking, to name a few. For a perimeter defense to be effective, it must be layered while not affecting the users on the network or disrupting the learning environment. The resources that will support the needs of UMUC are a demilitarized zone (DMZ), network address translation (NAT) and virtual private networks (VPN).
The first step in the perimeter defense is the demilitarized zone (DMZ). The DMZ is where the public servers will be hosted, to minimize their exposure to the secure networks. The DMZ will be set up with firewalls separating the public and private servers to avoid cross interference. In support of the DMZ is network address translation (NAT). With NAT, computers outside the local area network (LAN) see only one IP address, while inside the internal network every system keeps its own unique internal address. This provides a type of firewall protection, and because the internal addresses stay private, it gives the University the ability to use a single IP address to represent a group of systems, which means fewer IP addresses are needed from internet service providers. A virtual private network (VPN) is an extension of a private network over a public network (the internet) that uses encrypted and authenticated links to allow remote user access and routed connections between private networks or computers. Users will install the VPN client to gain access to campus network resources. Cisco AnyConnect allows secure access to the University’s enterprise network from mobile devices in any location [4]. The product allows flexible and customizable licensing to fit the University’s needs: it offers subscription terms of 1, 3 or 5 years and scales its usage to meet the UMUC population [4]. Cisco AnyConnect also contains features that give the network security team visibility into users and their endpoint behavior, both on and off premises. Another security feature of AnyConnect is a cloud-based service called Umbrella Roaming that protects users against malware and phishing while they are off the VPN, which is an exceptional firewall tool to further protect users [3].
Perimeter defense uses the strategy of implementing layered sets of defenses that are complementary to each other. Using multiple layers of security is strategic because it forces potential intruders to circumvent several defenses, which may deter them because of the amount of work involved. The perimeter defense also works against disgruntled employees and students and prevents overloading the system administrators.
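The NAT behaviour described in this section (outsiders see one address, internal systems keep their own, and the translation state acts as a kind of firewall) is easiest to understand from a small model of the translation table. The following is an added example written for this proposal, not code from UMUC or from any vendor device; the public address, internal hosts and ports are constructed sample values taken from the documentation address ranges.

```python
"""Port address translation (NAT overload) at the campus edge.

Added example: not code from the proposal and not tied to any vendor
device. The public address, internal hosts and ports are constructed
sample values from the documentation address ranges.
"""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # the single address the outside world sees


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Rewrites outbound packets to the public address and tracks state
    so that only replies to existing sessions are let back in."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port, remote ip, remote port) -> public port
        self.outbound = {}
        # public port -> (inside ip, inside port, remote ip, remote port)
        self.inbound = {}

    def translate_outbound(self, pkt):
        """Replace the internal source with the public address and a unique port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Return the packet rewritten for the internal host, or None to drop.

        Inbound traffic that does not match an existing session (an
        unsolicited connection, or a reply from the wrong remote endpoint)
        has no translation entry, which is the firewall-like property of NAT."""
        if pkt.dst_ip != self.public_ip:
            return None
        session = self.inbound.get(pkt.dst_port)
        if session is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port = session
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two internal hosts reach one web server; the outside sees one address."""
    gw = NatGateway()
    out_a = gw.translate_outbound(Packet("10.0.0.5", 51000, "198.51.100.7", 443))
    out_b = gw.translate_outbound(Packet("10.0.0.6", 51000, "198.51.100.7", 443))
    reply_b = gw.translate_inbound(Packet("198.51.100.7", 443, PUBLIC_IP, out_b.src_port))
    unsolicited = gw.translate_inbound(Packet("192.0.2.9", 12345, PUBLIC_IP, 40002))
    return gw, out_a, out_b, reply_b, unsolicited


if __name__ == "__main__":
    _, out_a, out_b, reply_b, unsolicited = demo()
    print("outbound A as seen outside:", out_a)
    print("outbound B as seen outside:", out_b)
    print("reply to B delivered to:", reply_b)
    print("unsolicited inbound:", unsolicited)
```

Both internal hosts use the same source port 51000, so the gateway must allocate distinct public ports to keep the sessions apart; the remote-endpoint check in translate_inbound is what stops an unrelated host from injecting traffic into an open mapping. NAT on its own is not a substitute for the firewall rules described in the next section, since anything the internal hosts initiate is still let through.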
D. Network Defense Devices
UMUC network security must maintain the confidentiality, integrity and availability of the network with one or more forms of application layer protection. It can be difficult to find the balance between system security and user requirements; for example, blocking all incoming email attachments to avoid viruses and malware is infeasible for any business, let alone a university. To provide the balance needed for the learning environment, UMUC will use defense in depth by implementing the following: a border router, a firewall, an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS).
The first proposed solution is the use of border routers. A border router is a device that directs the traffic that goes in and out of the network. It will be placed between the University’s network and the internet. The network security team will configure filters on the router to prevent unauthorized users from logging into the router or sending traffic to it. Following the router will be the network-based firewall. The firewall inspects all traffic passing in or out of the network at a finer-grained level than the router and passes only legitimate traffic [1]. With proper configuration, firewalls will give users access to the necessary resources UMUC provides while protecting against malicious programs and the users behind them. The network security team will establish access control lists (ACLs), which list the hosts and services that are authorized or unauthorized on the network by port number, IP address or direction of traffic [1]. Next is the use of both an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). IDS and IPS are symbiotic, and both are extremely useful in network security. The IDS only monitors the network: if an attack is detected, the IDS cannot take action without network administrator approval, which can allow a threat into the network; the IPS fills that gap by acting on detected attacks. One study states that 22 cyber-attacks happen daily [2], and the teamwork of the IDS and IPS deters any potential threats that may sneak through the firewall.
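An ACL of the kind described above is an ordered list evaluated top to bottom, with the first matching entry deciding and an implicit deny for anything unmatched, which is why the order of the entries matters as much as their content. The following is an added example for this proposal, written in Python rather than any vendor's configuration syntax and not taken from UMUC or from a product; the internal network block, router address and DMZ web server address are constructed sample values from the documentation address ranges.

```python
"""Ordered access control list evaluated first-match with an implicit deny.

Added example: not the proposal's own configuration and not vendor syntax.
The network blocks, router address and DMZ server address are constructed
sample values from the documentation address ranges.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = "10.0.0.0/8"          # constructed: campus internal network
ROUTER_MGMT = "203.0.113.1/32"       # constructed: border router address
DMZ_WEB = "203.0.113.80/32"          # constructed: public web server in the DMZ
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Flow:
    direction: str   # "in" = arriving from the internet, "out" = leaving
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    direction: str
    proto: str                # "tcp", "udp" or "any"
    src: str                  # CIDR block
    dst: str                  # CIDR block
    dport: Optional[int]      # None matches any destination port
    note: str = ""

    def matches(self, flow):
        return (self.direction == flow.direction
                and self.proto in ("any", flow.proto)
                and ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == flow.dport))


# Order matters: the first matching rule decides, so the anti-spoofing and
# router-protection denies come before the permits for public services.
ACL = [
    Rule("deny", "in", "any", INTERNAL_NET, ANY, None,
         "anti-spoofing: internal source address arriving from the internet"),
    Rule("deny", "in", "tcp", ANY, ROUTER_MGMT, 22,
         "no router logins from the internet"),
    Rule("permit", "in", "tcp", ANY, DMZ_WEB, 443, "public web server (HTTPS)"),
    Rule("permit", "in", "tcp", ANY, DMZ_WEB, 80, "public web server (HTTP)"),
    Rule("deny", "in", "any", ANY, INTERNAL_NET, None,
         "internal network is not reachable from the internet"),
    Rule("permit", "out", "any", INTERNAL_NET, ANY, None,
         "campus users may reach the internet"),
]


def evaluate(flow, acl=ACL):
    """Return (action, rule index, note); unmatched flows hit the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(flow):
            return rule.action, index, rule.note
    return "deny", None, "implicit deny at end of list"


if __name__ == "__main__":
    samples = [
        Flow("in", "tcp", "198.51.100.7", "203.0.113.80", 443),   # visitor to web server
        Flow("in", "tcp", "198.51.100.7", "203.0.113.1", 22),     # login attempt on router
        Flow("in", "tcp", "10.0.0.5", "203.0.113.80", 443),       # spoofed internal source
        Flow("in", "tcp", "198.51.100.7", "10.0.0.5", 445),       # direct to internal host
        Flow("out", "tcp", "10.0.0.5", "198.51.100.7", 443),      # campus user browsing
        Flow("out", "tcp", "203.0.113.80", "198.51.100.7", 443),  # DMZ server calling out
    ]
    for f in samples:
        print(f, "->", evaluate(f))
```

The last sample shows the value of the implicit deny: the DMZ server has no rule permitting it to open outbound connections, so that traffic is dropped unless the team deliberately adds an entry for it, which keeps a compromised public server from being used to reach the rest of the internet or the internal network.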
Network defense is the set of protective measures used to detect, monitor, analyze, protect and defend against network infiltration [5]. As with perimeter defense, layering security is essential and crucial to deterring hackers, disgruntled employees and students from gaining unauthorized access to the network. UMUC’s goal is to provide a safe and secure network where students, faculty and employees can feel confident that their information is safe.
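The difference between the IDS and the IPS described in this section comes down to what happens once a detection fires: the IDS records an alert and lets the traffic through for an administrator to act on, while the IPS sits inline and drops it. The following added example illustrates that with a simple rate-based detector for the SYN-flood form of denial of service named under perimeter defenses; it is not the proposal's own code nor a real IDS/IPS product, and the packet records, window length and threshold are constructed values and assumptions.

```python
"""SYN-flood sensor run in IDS (monitor only) and IPS (inline blocking) modes.

Added example: not the proposal's own code and not a real IDS/IPS product.
The packet records, the window and the threshold are constructed values.
"""
from collections import defaultdict, deque

WINDOW_S = 10         # assumption: sliding window for counting bare SYNs
SYN_THRESHOLD = 20    # assumption: more than this many SYNs per window = flood


class SynFloodSensor:
    def __init__(self, mode):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.recent_syns = defaultdict(deque)   # source ip -> SYN timestamps
        self.alerts = []                        # (timestamp, source ip, count)
        self.blocked = set()

    def observe(self, ts, src, flags):
        """Handle one packet record; return 'forward' or 'drop'."""
        if src in self.blocked:
            return "drop"
        if flags == "S":                        # bare SYN: a new connection attempt
            window = self.recent_syns[src]
            window.append(ts)
            while window and ts - window[0] > WINDOW_S:
                window.popleft()               # expire SYNs older than the window
            already_alerted = any(a[1] == src for a in self.alerts)
            if len(window) > SYN_THRESHOLD and not already_alerted:
                self.alerts.append((ts, src, len(window)))
                if self.mode == "ips":
                    self.blocked.add(src)       # inline: stop the source now
                    return "drop"
        return "forward"                        # IDS only records the alert


def sample_traffic():
    """Constructed records (timestamp, source, tcp flags): one normal client
    completing three handshakes and one source sending 30 SYNs in 3 seconds."""
    records = [(i * 0.1, "192.0.2.66", "S") for i in range(30)]
    for t in (0.5, 1.5, 2.5):
        records.append((t, "10.0.0.5", "S"))
        records.append((t + 0.1, "10.0.0.5", "A"))
    return sorted(records, key=lambda r: r[0])


def run(mode, records=None):
    """Feed the records through a sensor and summarise what it did."""
    sensor = SynFloodSensor(mode)
    counts = {"forward": 0, "drop": 0}
    for ts, src, flags in records or sample_traffic():
        counts[sensor.observe(ts, src, flags)] += 1
    return {"forwarded": counts["forward"], "dropped": counts["drop"],
            "alerts": list(sensor.alerts), "blocked": sorted(sensor.blocked)}


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode.upper(), run(mode))
```

In IDS mode every packet is forwarded and the flood is only visible in the alert list, which is the gap the section describes: nothing stops the traffic until an administrator responds. In IPS mode the same detection drops the offending source from the 21st SYN onward while the normal client's handshakes are untouched. The threshold is what decides how much collateral damage a mis-tuned IPS can do, so it should be chosen from observed campus traffic rather than a guess.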
E. Host Defenses
A host is defined as a device that acts as a connection point on the network [5]. This includes computers or servers from which data can be sent or received. Just like the network, hosts face vulnerabilities and can be threatened by malware or viruses such as worms, Trojans or spyware, to name a few. Each type of malware damages the host differently and should be protected against. Human error can help let these malicious threats into the system, so as a defense the network security team should train users on preventive measures they can apply in their everyday use of their host; the security team will also implement hardening measures and audits.
As part of the security policies enacted, UMUC will enforce password protection when accessing hosts. These passwords will use a complex mix of letters (both upper and lowercase), numbers and symbols. Users will be made aware of the severity of writing down passwords and how it violates the UMUC security and acceptable use policy. The network security team will harden devices by using complex passwords as well, multi-factor authentication, and limiting administrative roles and permissions to only those who require that access for their daily responsibilities. The network security team will ensure the needed security software, such as anti-spyware, anti-malware and a firewall, is installed. Users are at times unaware of how to determine whether a file attachment is safe, so this software acts as an added defense against human error. The team will also ensure that software and network patches are applied automatically, so systems are updated with the latest safety protocols regardless of whether network administrators are logged into the system. Software licenses should also be maintained and renewed to ensure there is no lapse in security.
Maintaining up-to-date patches eliminates many of the bugs and exploits that the software and network may be exposed to, because current information about known issues and their fixes is available. Not maintaining up-to-date patches leaves threats a backdoor into the hosts, which undermines the security UMUC states it provides for its students, faculty and employees. Audits will help with risk assessments by ensuring that network maintenance is up to date and by reporting inefficiencies in IT resources and strategies, which again protects UMUC.
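The hardening measures and audits described in this section reduce to a checklist that can be run over a host inventory: patch age, automatic updates, required security software, the number of local administrators, multi-factor authentication and license status, plus the password complexity rule. The following is an added example for this proposal, not code from UMUC or from any product; the two host records are constructed sample data, and the patch-age limit, administrator limit and minimum password length are assumptions, since the policy text states no specific numbers.

```python
"""Host hardening audit over an inventory plus a password policy check.

Added example: not code from the proposal or any UMUC system. The host
records are constructed sample data, and the thresholds (patch age,
administrator limit, minimum password length) are assumptions.
"""
from datetime import date

REQUIRED_SOFTWARE = {"anti-spyware", "anti-malware", "host-firewall"}
MAX_PATCH_AGE_DAYS = 30     # assumption
MAX_LOCAL_ADMINS = 2        # assumption
MIN_PASSWORD_LENGTH = 12    # assumption: the policy text states no length

# Constructed inventory records for two hypothetical lab hosts.
INVENTORY = [
    {"host": "lab-pc-01", "last_patch": date(2017, 7, 1), "auto_update": True,
     "software": {"anti-spyware", "anti-malware", "host-firewall"},
     "local_admins": ["it-admin"], "mfa": True, "license_expires": date(2018, 1, 1)},
    {"host": "lab-pc-02", "last_patch": date(2017, 3, 15), "auto_update": False,
     "software": {"anti-malware"},
     "local_admins": ["it-admin", "jdoe", "asmith"], "mfa": False,
     "license_expires": date(2017, 6, 30)},
]


def audit_host(record, today):
    """Return the list of findings for one host record."""
    findings = []
    age = (today - record["last_patch"]).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"patches are {age} days old")
    if not record["auto_update"]:
        findings.append("automatic updates disabled")
    missing = REQUIRED_SOFTWARE - record["software"]
    if missing:
        findings.append("missing security software: " + ", ".join(sorted(missing)))
    if len(record["local_admins"]) > MAX_LOCAL_ADMINS:
        findings.append(f"{len(record['local_admins'])} local administrators "
                        f"(limit {MAX_LOCAL_ADMINS})")
    if not record["mfa"]:
        findings.append("multi-factor authentication not enforced")
    if record["license_expires"] < today:
        findings.append("software license lapsed")
    return findings


def audit(inventory=INVENTORY, today=date(2017, 7, 20)):
    """Map each host name to its findings (an empty list means compliant)."""
    return {rec["host"]: audit_host(rec, today) for rec in inventory}


def password_meets_policy(password):
    """Upper and lower case letters, a digit and a symbol, plus a minimum length."""
    classes = [any(c.isupper() for c in password),
               any(c.islower() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    return len(password) >= MIN_PASSWORD_LENGTH and all(classes)


if __name__ == "__main__":
    for host, findings in audit().items():
        print(host, "->", findings or "compliant")
    print(password_meets_policy("Campus-Net2017!"), password_meets_policy("password123"))
```

The audit date is fixed in the call so the report is reproducible; in practice the team would run it on a schedule and keep the output as the audit record the section calls for. A lapsed license is listed as a finding because unlicensed security software typically stops receiving signature and engine updates, which is the same exposure as a missing patch.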
[1] “What is Computer Network Defense (CND)? – Definition from Techopedia”.
[2] L. Papagalos, “Security by Obscurity Infographic – Updated Q2 2017”, 12 Jul. 2017.
[3] “Cisco Umbrella Roaming – Cisco”.
[4] “Cisco AnyConnect Secure Mobility Client – Cisco”.
[5] “TestOut LabSim”.