IT SECURITY AND TROUBLESHOOTING

Disseminating Organizational IT Security and Troubleshooting Best Practices



Disseminating Organizational IT Security and Troubleshooting Best Practices

Introduction

The company's IT infrastructure has been facing serious security issues, due to the unauthorized network access and social engineering attacks. As a senior network administrator, I am responsible for devising security policies and improving the company's network security. This paper describes some of the best practices for implementing network security and the means of communication that can be used to deliver the security policies and guidelines to the company's employees.

User Authentication Policies

The first step for improving the company's network security is the implementation of effective user authentication processes, as most security breaches happened as a result of social engineering attacks. The authentication policies will have to be valid for both wired and wireless networks (Intel, 2005), as many of the employees access the network resources, such as printing devices from their wi-fi enabled devices.

Policy 1

IT department will create individual log on and email accounts for all of the company's employees. All employees will be provided with unique ID and password, using which they will be able to log on to the company's domain and systems. Employees will be strictly instructed to keep their passwords with them, as only they will be considered responsible for any activity done with their account. Without logging on the domain, no employee shall be able to access any of the network resources.

The metadata of all employees will be stored on the centralized company's repository, and accounts will be managed properly. The hard copy account request form signed by the employee must be submitted to the department. The assigned IT staff will be responsible for documenting the details about new user accounts, changes to user accounts, and termination of user accounts. The documents will also include the authorized network resources associated with each user account.

For all official conversations, the company provided email accounts will be used. The ID/Password strategy will simplify the process of user authentication, and will reduce the risk of social engineering via email. It will also prevent non authorized users from accessing network resources. Figure 1 shows the user authentication pyramid.

Figure 1: User Authentication Pyramid

Policy 2

The second policy will deal with logical network access control. The employees will be provided access to the resources according their job requirements and designations. For example, the access to security software will only be provided to the managerial level staff, so that no other employee can make any changes to the security environment. In addition to security software, the logical access will be implemented to the data base management systems, and various other confidential application of the company. These controls will help in restricting anyone from accessing the valuable information resources of company.

The logical access controls will also monitor the number of failed logon attempts made by any employee. After making three incorrect attempts, the employee's account will be blocked, temporarily disabled. If someone makes unsuccessful logon attempts by using remote access facility, his connection from the ...