Scribd
Upload
101 views3 pages

Security Infrastructure Policies Final Assigment

This document outlines the security policies for an organization to protect its IT infrastructure and information. It details policies for authentication, external and internal website security, remote access, firewall rules, wireless security, VLAN configuration, laptop security, application usage, general security and privacy practices, and intrusion detection. The goals are to authenticate users with strong passwords and two-factor authentication, implement network segmentation, keep systems updated and monitored, backup important data, encrypt sensitive information, limit access to data, and notify customers of any data breaches.

Uploaded by

lorenzo mahecha villa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
101 views3 pages

Security Infrastructure Policies Final Assigment

This document outlines the security policies for an organization to protect its IT infrastructure and information. It details policies for authentication, external and internal website security, remote access, firewall rules, wireless security, VLAN configuration, laptop security, application usage, general security and privacy practices, and intrusion detection. The goals are to authenticate users with strong passwords and two-factor authentication, implement network segmentation, keep systems updated and monitored, backup important data, encrypt sensitive information, limit access to data, and notify customers of any data breaches.

Uploaded by

lorenzo mahecha villa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Security infrastructure policies

Introduction

This document contains the policies that will rule the security information of our
company. It has been designed with the main purpose to protect our IT infrastructure
and information from outside and inside threats or attacks, and guarantee the
continuation of our business.

1. Authentication system

a) We will use a 2-factor authorization system using:


 Knowledge factor: A password with non-less than 8 characters, this
must include 1 upper case character, 1 lower case character, and 1
special character .
 Possession factor: a RSA SecurID token.

2. External website security

a) Install SSL Certificate for securing and encrypting the data that’s transmitted
to our site.
b) Use Strong Passwords for every user in our website. A password with non-
less than 8 characters, this must include 1 upper case character, 1 lower case
character, and 1 special character.
c) Install a Web Application Firewall to add another layer of protection to our
site.
d) Periodically scan our site Site for Malware
e) Periodically backup our Site.
f) Enabling 2FA authentication to sign into our site.
g) Periodically Monitor and Test our Site.

3. Internal website security

a) Stop and Disable Unnecessary Services.


b) Restricted Permissions and privileges of our employees.
c) Keep up to date our operating system and any other software running on it
with the latest security patches.
d) To keep a Real Time Monitoring system that sends alerts in case of IT
security problem.
e) Carry out backups scheduled for all the important databases.
f) Implement an auditing and logging system in order to know who accessed
which system when and how
g) Implement an Authentication & Authorization system with a 2FA
authentication.
4. Remote access solution

a) OPENVPN

Source:Wikipedia

“OpenVPN is an open-source commercial software that implements virtual


private network (VPN) techniques to create secure point-to-point or site-to-
site connections in routed or bridged configurations and remote access
facilities. It uses a custom security protocol that utilizes SSL/TLS for key
exchange. OpenVPN allows peers to authenticate each other using pre-
shared secret keys, certificates or username/password.”

OpenVPN. Retrieved from : https://en.wikipedia.org/wiki/OpenVPN

5. Firewall and basic rules recommendations

a) Block all traffic by default and only allow specific traffic to identified
services.
b) Set the most explicit firewall rules.
c) Remove “Accept All” rules
d) Audit logs
e) Make sure the firewall is up to date

6. Wireless security

a) Change the default admin password of our wireless router/access


point/bridge.
b) Physically Secure Access Points
c) Use Wireless Intrusion Prevention Systems
d) Use Wi-Fi Protected Access 2 (WPA2)
e) Separate our Private Network from our Guest Network
f) Limit our WiFi Signal Strength

7. VLAN configuration recommendations

a) Securing a VLAN network physically.


b) Separate management and user data traffic.
c) Create a VLAN ID for each department, it will separate the broadcast
domains and it will provide logical security.
8. Laptop security configuration

a) Stay up-to-date with software patches and updates.


b) Install Anti-virus Software and keeping updates current
c) Install Anti-Spyware Software and keeping updates current
d) Enable firewall software
e) Use strong passwords
f) Ensure physical security
g) Remove unnecessary services
h) Use secure system configurations
i) Make periodic backup copies of data
j) Encrypt hard drives
k) No allow users to install software

9. Application policy recommendations

a) Install the latest version of software


b) Doesn’t allow to install risky software
c) Doesn’t allow to install browser extensions or add ons
d) Allow install software that is only related with the bossiness activity.

10. Security and privacy policy recommendations

a) Limit the Use of and Access to Sensitive Information


b) Access to sensitive information is limited.
c) Provide Employees with IT security Training
d) Create a Data Protection Culture

11. Intrusion detection or prevention for systems containing customer data

a) Secure the physical premises of our building by installing a security system.


b) Limit Access to Customer Information
c) Consider destroying customer Data after we’ve Used It.
d) Collect only what’s Necessary.
e) Lockdown all computers.
f) Notify clients and customers when data has been compromised
g) Lockdown physical files containing customer data

You might also like